hermes-lcm-context-management

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to clone a repository from an unverified third-party account (https://github.com/stephenschoettler/hermes-lcm) to the local environment.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell scripts (scripts/install.sh, scripts/update.sh) provided within the unverified external repository, which could lead to arbitrary code execution.
  • [DATA_EXFILTRATION]: The skill aggregates conversation history, which may contain sensitive user data or secrets, into a local database and subsequently transmits this data to external AI models (Anthropic Claude and OpenAI GPT) for summarization and expansion.
  • [REMOTE_CODE_EXECUTION]: Combining unverified repository cloning with the execution of provided scripts enables a remote code execution vector if the source repository is compromised.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external chat history and summaries via tools like lcm_grep and lcm_expand_query.
  • Ingestion points: Raw messages and summaries stored in ~/.hermes/profiles/<profile>/lcm.db (SKILL.md).
  • Boundary markers: None mentioned for identifying or ignoring instructions within retrieved history.
  • Capability inventory: Uses lcm_expand_query to call auxiliary LLMs and potentially other shell commands via slash commands (SKILL.md).
  • Sanitization: No evidence of content escaping or validation of retrieved historical data before re-interpolation into prompts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 17, 2026, 08:19 PM
Security Audit — agent-trust-hub — hermes-lcm-context-management