hermes-a2a-setup

Fail

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The instructions require the user to clone a repository from an unverified GitHub account (iamagenius00) and execute a shell script (install.sh). This presents a high risk of arbitrary code execution from an untrusted source.
  • [EXTERNAL_DOWNLOADS]: The skill depends on fetching code and scripts from a non-whitelisted third-party repository on GitHub.
  • [COMMAND_EXECUTION]: The skill directs the user to run shell commands to enable plugins (hermes plugins enable a2a) and modify environment variables, which alters the host's execution environment.
  • [PROMPT_INJECTION]: The architecture establishes a surface for indirect prompt injection by receiving JSON-RPC messages from external agents and injecting them into the current session context.
    • Ingestion points: Incoming network requests from remote agent endpoints directed to the local server on port 8081.
    • Boundary markers: None specified in the instructions to prevent the model from obeying instructions embedded in the injected messages.
    • Capability inventory: The skill registers tools like a2a_call and a2a_discover that allow the agent to interact with other network endpoints.
    • Sanitization: The skill claims to include injection filtering in security.py, but these mechanisms are unverified and may be bypassed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 22, 2026, 10:49 PM
Security Audit — agent-trust-hub — hermes-a2a-setup