hermes-agent-self-evolution
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE]: The skill accesses the local session history database at ~/.hermes/sessions.db. This database contains private user-agent interaction logs, which are used as evaluation data for the evolution pipeline.
- [COMMAND_EXECUTION]: The TestSuiteConstraint mechanism executes shell commands, such as pytest tests/ -q, to validate evolved code variants. This allows for arbitrary command execution within the local environment based on the output of the LLM-driven evolution process.
- [DATA_EXFILTRATION]: Execution traces, prompts, and code snippets are sent to external LLM API providers (OpenAI, Anthropic, Together) to facilitate the optimization process. This involves sending local operational data to remote servers.
- [EXTERNAL_DOWNLOADS]: The installation instructions require cloning a remote repository from GitHub (https://github.com/NousResearch/hermes-agent-self-evolution.git) and installing it as a development package. While the repository belongs to a well-known AI research organization, it introduces external code dependencies.
- [INDIRECT_PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection as it ingests untrusted data from session histories and PR descriptions to evolve its own prompts.
  - Ingestion points: Reads data from ~/.hermes/sessions.db and external pr_url contexts in SKILL.md.
  - Boundary markers: None identified in the provided documentation snippets to separate instructions from data during evaluation.
  - Capability inventory: Execution of shell commands via pytest in SKILL.md and automated PR creation via create_evolution_pr.
  - Sanitization: No explicit sanitization or validation of the session data is shown before it is used to influence the evolution of prompts or code.
Audit Metadata