runbookhermes-aiops-agent

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone an external repository from an untrusted source and install its dependencies.
  • Evidence: git clone https://github.com/Tommy-yw/RunbookHermes.git followed by pip install -r requirements.txt or poetry install.
  • [COMMAND_EXECUTION]: Provides instructions to execute shell commands for environment configuration and service deployment.
  • Evidence: Commands include docker-compose up -d, uvicorn apps.runbook_api.main:app, and python -m apps.runbook_api.main.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from observability backends (Category 8).
  • Ingestion points: Data enters the context from Prometheus, Loki, and Jaeger backends, as well as Alertmanager webhooks.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are documented for the ingested observability data.
  • Capability inventory: The agent has the ability to execute sensitive operations such as execute_rollback, create_checkpoint, and request_approval.
  • Sanitization: There is no evidence of sanitization or validation logic applied to the external observability content before it is processed by the model.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 16, 2026, 10:17 PM
Security Audit — agent-trust-hub — runbookhermes-aiops-agent