hermes
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables the agent to discover and invoke registered system functions via the iii CLI (e.g., iii trigger).
- [DATA_EXFILTRATION]: Primary functionality involves delivering messages to 27+ external chat platforms such as Telegram and Slack.
- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by processing untrusted data from external webhooks via the hermes::inbound sink. 1. Ingestion points: External messages received via hermes::inbound. 2. Boundary markers: Human approval required for run and send functions as per skill documentation. 3. Capability inventory: Ability to trigger system functions through the iii CLI. 4. Sanitization: No explicit filtering of inbound content described in the skill instructions.
Audit Metadata