hermes-wag-summarizer

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-generated content from WhatsApp messages and interpolates it into an AI prompt template.
  • Ingestion points: scripts/whatsapp-group-summary.py reads data from ~/.hermes/whatsapp/messages.jsonl.
  • Boundary markers: None are present in templates/default-summary-prompt.txt to separate the messages from the system instructions.
  • Capability inventory: The skill generates and executes Python scripts using subprocess.run.
  • Sanitization: scripts/whatsapp-group-summary.py contains a sanitize_text function that removes invisible Unicode characters, but it does not sanitize the text content for potential malicious instructions.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The script scripts/whatsapp-group-summary.py is designed to read and filter sensitive communication data from ~/.hermes/whatsapp/messages.jsonl. While no direct network transmission is observed in the provided files, the skill explicitly provides the agent with access to private chat logs.
  • [DYNAMIC_EXECUTION]: The file scripts/create-group-wrapper.py generates new Python scripts at runtime in the user's home directory (~/.hermes/scripts/). It populates a string template with user-provided arguments and writes it to a file, subsequently granting execution permissions using os.chmod(output_path, 0o755). This dynamic code generation and execution permission modification represents a significant attack surface.
  • [COMMAND_EXECUTION]: The generated wrapper scripts use subprocess.run to invoke whatsapp-group-summary.py. Although the implementation uses list-based arguments, the lack of strict validation on the chat-id and group-name parameters during the code generation phase in scripts/create-group-wrapper.py could potentially lead to command injection if input is manipulated.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 07:56 AM
Security Audit — agent-trust-hub — hermes-wag-summarizer