What happened
A path traversal flaw in hermes-agent's skill-viewing tool function allows crafted 'Name' arguments to escape the intended skills directory and read arbitrary files on the host.
Why it matters
hermes-agent has had a cluster of disclosed vulnerabilities this week; this is a distinct, remotely-triggerable file-read primitive that could expose configuration secrets or credentials on hosts running the framework, though its blast radius remains limited to this single project.
Attack vector
The skill_view function in tools/skills_tool.py fails to sanitize the Name argument, allowing a remote attacker to traverse the filesystem via crafted path values. The exploit has been publicly disclosed.
Affected systems
NousResearch hermes-agent 2026.5.29.2
Mitigation
Check the hermes-agent repository for a patched release; sanitize or allowlist skill-name path components pending an upstream fix.