| 제목 | NousResearch hermes-agent 2026.4.23 Injection (CWE-74) |
|---|
| 설명 | # Technical Details
A multi-word prompt injection bypass exists in the skills threat detection logic in `agent/skills_guard.py` of hermes-agent.
The application fails to consistently apply flexible whitespace and multi-word matching regex across all threat patterns (`THREAT_PATTERNS`), specifically leaving the "system prompt override" and "new policy" patterns vulnerable to bypass by injecting extraneous filler words.
# Vulnerable Code
File: agent/skills_guard.py
Method: THREAT_PATTERNS definition
Why: While some regex patterns were patched to accommodate multi-word inclusions via `(?:\w+\s+)*`, critical filters like `r'system\s+prompt\s+override'` and `r'new\s+policy'` remain rigid. Injecting words such as `system prompt temporary override` evades the matcher.
# Reproduction
1. Create a malicious skill payload containing the phrase `system prompt temporary override`.
2. Submit the payload to the agent's `skills_guard.py` install process.
3. The regex fails to match the injected threat pattern, leading to the payload being accepted as a safe skill.
4. The system prompt is subsequently overridden implicitly without quarantine.
# Impact
- Evasion of "Critical" severity skill checks, allowing malicious skills to be installed into the workspace.
- Unauthorized manipulation of the agent's execution logic by persistently hijacking future sessions to run arbitrary malicious actions or override policies without detection. |
|---|
| 원천 | ⚠️ https://gist.github.com/YLChen-007/82a3539d6358842e69dfaef0a9fcf14a |
|---|
| 사용자 | Eric-i (UID 97584) |
|---|
| 제출 | 2026. 04. 24. PM 02:43 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 23. AM 11:19 (29 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 365316 [NousResearch hermes-agent 까지 2026.4.23 Skills Guard Multi-Word Prompt agent/skills_guard.py THREAT_PATTERNS 권한 상승] |
|---|
| 포인트들 | 20 |
|---|