hermes-workspace-ai-agent-ui

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: CRITICAL
[REMOTE_CODE_EXECUTION] [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION]
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides a 'One-Line Install' command: curl -fsSL https://raw.githubusercontent.com/outsourc-e/hermes-workspace/main/install.sh | bash. This pattern downloads a shell script from a third-party source and immediately executes it with high privileges, representing a significant remote code execution risk.
  • [EXTERNAL_DOWNLOADS]: The skill requires cloning code and installing dependencies from an external, unverified GitHub repository (github.com/outsourc-e/hermes-workspace) and the public npm registry via pnpm install.
  • [COMMAND_EXECUTION]: The instructions direct the agent to execute several powerful local commands, including pnpm dev, docker-compose up, and pnpm swarm:start. These commands can perform arbitrary file system and network operations on the host machine.
  • [INDIRECT_PROMPT_INJECTION]: The skill functions as a workspace that processes untrusted external data which could contain malicious instructions.
    • Ingestion points: Processes chat messages, file content, and MCP (Model Context Protocol) catalog items (SKILL.md).
    • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the documentation.
    • Capability inventory: Executes subprocesses via pnpm, manages the file system via a code editor, and performs network operations (SKILL.md).
    • Sanitization: No sanitization or validation logic is specified for handling mission descriptions or tool outputs.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/outsourc-e/hermes-workspace/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: May 17, 2026, 05:23 PM