hermes-wag-summarizer

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). Runtime path: scripts/whatsapp-group-summary.py reads outsider-authored WhatsApp message bodies from ~/.hermes/whatsapp/messages.jsonl (populated by the WhatsApp bridge from other participants) and passes them as {messages} into the LLM prompt via templates/default-summary-prompt.txt.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 07:55 AM
Issues
1
Security Audit — snyk — hermes-wag-summarizer