skills/iii-hq/workers/hermes/Gen Agent Trust Hub

hermes

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill enables the agent to discover and invoke registered system functions via the iii CLI (e.g., iii trigger).
  • [DATA_EXFILTRATION]: Primary functionality involves delivering messages to 27+ external chat platforms such as Telegram and Slack.
  • [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by processing untrusted data from external webhooks via the hermes::inbound sink. 1. Ingestion points: External messages received via hermes::inbound. 2. Boundary markers: Human approval required for run and send functions as per skill documentation. 3. Capability inventory: Ability to trigger system functions through the iii CLI. 4. Sanitization: No explicit filtering of inbound content described in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 03:11 PM
Security Audit — agent-trust-hub — hermes