hermes-attestation-guardian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches advisory JSON from remote URLs (see lib/feed.mjs's fetchTextRequired/loadRemoteFeed with DEFAULT_REMOTE_FEED_URL and configurable HERMES_ADVISORY_FEED_URL, invoked by scripts/refresh_advisory_feed.mjs) and guarded_skill_verify.mjs reads that cached feed to gate/alter installation behavior, so untrusted third-party advisory content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches the advisory feed at runtime from https://clawsec.prompt.security/advisories/feed.json (and its .sig/checksums variants) and uses feed entries (e.g., advisory.action and match results) to print instructions and gate execution (exit code 42), so remote content can directly control prompts/operator decisions.