| tiêu đề | NousResearch hermes-agent 2026.4.23 Injection (CWE-74) |
|---|
| Mô tả | # Technical Details
A multi-word prompt injection bypass exists in the skills threat detection logic in `agent/skills_guard.py` of hermes-agent.
The application fails to consistently apply flexible whitespace and multi-word matching regex across all threat patterns (`THREAT_PATTERNS`), specifically leaving the "system prompt override" and "new policy" patterns vulnerable to bypass by injecting extraneous filler words.
# Vulnerable Code
File: agent/skills_guard.py
Method: THREAT_PATTERNS definition
Why: While some regex patterns were patched to accommodate multi-word inclusions via `(?:\w+\s+)*`, critical filters like `r'system\s+prompt\s+override'` and `r'new\s+policy'` remain rigid. Injecting words such as `system prompt temporary override` evades the matcher.
# Reproduction
1. Create a malicious skill payload containing the phrase `system prompt temporary override`.
2. Submit the payload to the agent's `skills_guard.py` install process.
3. The regex fails to match the injected threat pattern, leading to the payload being accepted as a safe skill.
4. The system prompt is subsequently overridden implicitly without quarantine.
# Impact
- Evasion of "Critical" severity skill checks, allowing malicious skills to be installed into the workspace.
- Unauthorized manipulation of the agent's execution logic by persistently hijacking future sessions to run arbitrary malicious actions or override policies without detection. |
|---|
| Nguồn | ⚠️ https://gist.github.com/YLChen-007/82a3539d6358842e69dfaef0a9fcf14a |
|---|
| Người dùng | Eric-i (UID 97584) |
|---|
| Đệ trình | 24/04/2026 14:43 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 23/05/2026 11:19 (29 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 365316 [NousResearch hermes-agent đến 2026.4.23 Skills Guard Multi-Word Prompt agent/skills_guard.py THREAT_PATTERNS nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|