webhook-subscriptions

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions include numerous shell commands using the hermes CLI for configuration, service management (systemctl), and testing (curl). While these are intended for setup and management, they demonstrate the agent's capability to execute system-level commands and interact with local services.
  • [DATA_EXFILTRATION]: The skill configures network listeners (webhooks) and provides examples of sending data to external platforms like Telegram, Discord, and GitHub comments. While these are legitimate integration targets, the combined capability to read local configuration files (like ~/.hermes/config.yaml) and send output to external chat services provides a potential path for data exfiltration if the agent is misdirected.
  • [CREDENTIALS_UNSAFE]: The documentation provides examples for setting secrets and API-related configurations (e.g., WEBHOOK_SECRET). However, it follows best practices by instructing the user to "generate-a-strong-secret-here" and store them in .env or config.yaml files rather than hardcoding actual sensitive values within the skill itself.
  • [PROMPT_INJECTION]: The core functionality relies on interpolating external webhook payloads into agent prompts using templates like {issue.body} or {pull_request.title}. This creates an indirect prompt injection surface where an attacker-controlled external service (e.g., a malicious GitHub PR or issue) could include instructions designed to override the agent's behavior when the webhook is triggered.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:44 PM
Security Audit — agent-trust-hub — webhook-subscriptions