hermes-wag-summarizer
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-generated content from WhatsApp messages and interpolates it into an AI prompt template.
- Ingestion points:
scripts/whatsapp-group-summary.pyreads data from~/.hermes/whatsapp/messages.jsonl. - Boundary markers: None are present in
templates/default-summary-prompt.txtto separate the messages from the system instructions. - Capability inventory: The skill generates and executes Python scripts using
subprocess.run. - Sanitization:
scripts/whatsapp-group-summary.pycontains asanitize_textfunction that removes invisible Unicode characters, but it does not sanitize the text content for potential malicious instructions. - [DATA_EXPOSURE_AND_EXFILTRATION]: The script
scripts/whatsapp-group-summary.pyis designed to read and filter sensitive communication data from~/.hermes/whatsapp/messages.jsonl. While no direct network transmission is observed in the provided files, the skill explicitly provides the agent with access to private chat logs. - [DYNAMIC_EXECUTION]: The file
scripts/create-group-wrapper.pygenerates new Python scripts at runtime in the user's home directory (~/.hermes/scripts/). It populates a string template with user-provided arguments and writes it to a file, subsequently granting execution permissions usingos.chmod(output_path, 0o755). This dynamic code generation and execution permission modification represents a significant attack surface. - [COMMAND_EXECUTION]: The generated wrapper scripts use
subprocess.runto invokewhatsapp-group-summary.py. Although the implementation uses list-based arguments, the lack of strict validation on thechat-idandgroup-nameparameters during the code generation phase inscripts/create-group-wrapper.pycould potentially lead to command injection if input is manipulated.
Audit Metadata