hermes-agent
Fail
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
SKILL.mdfile explicitly instructs users to install the agent viacurl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash. This pattern is highly dangerous as it executes unverified code from a remote source directly with the user's shell privileges. Additionally, the skill includes patterns for generating and executing Python code at runtime to perform configuration updates. - [EXTERNAL_DOWNLOADS]: The skill documentation frequently references downloading software and skill packages from external, non-trusted repositories (e.g.,
git clonefor Aegis or the Hermes source) and utilizes various remote messaging platforms. - [COMMAND_EXECUTION]: The skill relies heavily on the
terminaltoolset for complex operations, including managing background processes withtmux, interacting with system supervisors likelaunchctlands6-overlay, and configuring persistentcronjobs. It also includes a--yoloflag designed to bypass safety confirmations for potentially dangerous operations. - [CREDENTIALS_UNSAFE]: The skill contains detailed procedures for the manual handling and bulk insertion of sensitive API keys and OAuth tokens into configuration files like
auth.jsonand.env. This involves the manipulation of secrets in plain text and the maintenance of large credential pools. - [PROMPT_INJECTION]: The skill documentation includes complex routing and indexing instructions that allow for overriding agent behavior through custom trigger mappings and alias resolution, which can be leveraged to alter intended agent logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata