hermes-agent

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Most entries point to legitimate documentation and well-known services (NousResearch docs, GitHub, PyPI, Apple, localhost), but there are risky items — a raw install script (raw.githubusercontent.com .../install.sh) which invites curl|bash execution, a third‑party GitHub repo (GanyuanRan/Aegis) that should be security-reviewed before installing, and an unfamiliar domain (dc.hhhl.cc) used for provider endpoints — any of which could be used to distribute malware if run without inspection.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Hermes can ingest outsider-authored free text via messaging-platform gateway inputs (e.g., Telegram/Discord/Slack/etc.) and voice transcription, which are then appended into the agent’s LLM message context during the runtime conversation loop.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (3)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 01:57 PM
Issues
3
Security Audit — snyk — hermes-agent