The Agent Skills Directory

[COMMAND_EXECUTION]: The skill is designed to grant the AI agent access to a 'terminal' toolset, enabling the execution of arbitrary shell commands within the host environment. While this is an intended feature for an 'AI Engineer' agent, it presents a significant capability for misuse if the agent is compromised.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from external sources—specifically Paperclip issue titles, bodies, and comments—and interpolates them directly into the agent's instructions via the promptTemplate. A malicious user could craft an issue body containing instructions that override the agent's intended behavior to perform unauthorized actions using its toolsets.
Ingestion points: taskTitle, taskBody, and commentId content from the Paperclip platform (referenced in SKILL.md).
Boundary markers: The template uses Markdown headers (e.g., ## Current Task) but lacks explicit instructions for the agent to treat interpolated data as untrusted or to ignore embedded commands.
Capability inventory: The agent has access to terminal, file, web, browser, and mcp toolsets.
Sanitization: No sanitization or validation of the task/comment content is described before interpolation.
[EXTERNAL_DOWNLOADS]: The installation instructions require downloading external packages: hermes-agent via Python's pip and hermes-paperclip-adapter via npm. These are standard package managers, and hermes-agent is maintained by Nous Research, a well-known entity in the AI space.
[COMMAND_EXECUTION]: The documentation suggests the use of chmod -R 755 ~/.hermes/skills/ to ensure the agent can execute skills. While specific to the application directory, modifying file permissions is a sensitive operation.

hermes-paperclip-adapter