hermes-tweet
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install the Hermes Tweet plugin from a GitHub repository (`Xquik-dev/hermes-tweet`) using the `hermes` CLI.
- [COMMAND_EXECUTION]: The skill uses the `hermes` command-line utility to manage plugins (`install`, `enable`, `list`), representing routine administrative operations for the intended environment.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process untrusted data from X/Twitter.
  - Ingestion points: Data enters the context through `tweet_read` workflows, including searches, tweet lookups, and account monitoring (SKILL.md).
  - Boundary markers: No explicit delimiter or "ignore instructions" warning is implemented for processed tweet content.
  - Capability inventory: The skill can perform authenticated actions like posting, direct messaging, and media changes when `HERMES_TWEET_ENABLE_ACTIONS` is set to `true` (SKILL.md).
  - Sanitization: There is no documented sanitization or filtering of the external social media content before it is processed by the agent.
Audit Metadata