hermes-control-interface-dashboard

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The listed URLs themselves are a mix of local endpoints and a third‑party GitHub repo/website that are not obviously malicious, but the workflow requires cloning/running an unfamiliar GitHub repo (xaspx/hermes-control-interface), installing npm packages and running a server (even as root) that exposes terminal/file access on local ports — a high‑risk pattern for remote code execution or malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows platform connectors (platforms: telegram, whatsapp, slack in the ~/.hermes/profiles/.../config.yaml example) and a web_search tool (tools: web_search) which ingest untrusted user-generated messages and open-web search results that the chat workflow processes (see Chat Interface handling of tool_call/output), so third-party content can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installation instructions clone and then run code from the external repository https://github.com/xaspx/hermes-control-interface.git, which fetches remote code that will be executed as part of deploying the skill and is required to run it.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes explicit sudo commands and directs creating/enabling a systemd service (writing to /etc/systemd/system and running systemctl), which modifies system files and requires elevated privileges, so it should be flagged.