fix(learn): name distilled skills as author Hermes, not the host OS user (#52388)

/learn told the agent to fill the skill `author` field, and the system
prompt environment probe surfaces the OS login name (user=$(whoami) in
prompt_builder.py), so the model wrote the host username into published
SKILL.md frontmatter — a privacy leak the user never opted into, and
inconsistent run to run as the most-salient identity changed.

The /learn authoring prompt now sets `author` to the literal value
`Hermes` and explicitly forbids deriving it from the host environment
(OS/login user, git config, or any probeable identity). The skill names
itself as the tool that wrote it.

Closes #52368.
Teknium 2026-06-25 12:48:08 -07:00 committed by GitHub
parent 4efec63a34
commit d7021af30f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 8 additions and 4 deletions


@ -46,8 +46,11 @@ Frontmatter:
Bad (123): `A comprehensive skill that lets the agent search arXiv for
academic papers using keywords, authors, and categories.`
- version: 0.1.0
- author: the human you are authoring this for, first; "Hermes Agent" second.
Never credit only the tool.
- author: always the literal value `Hermes`. NEVER fill it from the host
environment the OS/login username (e.g. the `user=` line in your
environment hints), git config, or any identity you can probe must not be
written. Skills get shared and published, so an environment-derived name is
a privacy leak the user never opted into; the skill names itself as Hermes.
- platforms: declare `[macos]`, `[linux]`, and/or `[windows]` IF the skill
uses OS-bound primitives (osascript/apt/systemctl => the matching OS; /proc,
os.setsid, signal.SIGKILL => linux; fcntl/termios => POSIX). Prefer fixing it
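Review bot: The new `author` bullet closes the leak by prompt compliance alone, and only for one field. The bullet itself confirms the `user=` line is still present in the environment hints, so the login name can still end up in a description, an example path, or the body of a SKILL.md that gets shared. Consider having the code that writes the skill set `author: Hermes` itself, and scanning the finished file for the probed login name before it is published. Separately, the sentence starting "NEVER fill it from the host environment the OS/login username" reads as if a separator is missing after "environment"; a colon there would make the list of forbidden sources unambiguous to the model.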


@ -55,8 +55,9 @@ class TestBuildLearnPrompt:
assert "count" in std and "60" in std
# #3 platforms gating against OS-bound primitives.
assert "platforms" in std
# #4 author credits the human first.
assert "author" in std
# author is always the literal Hermes, never the host/OS identity (#52368).
assert "author: always the literal value `hermes`" in std
assert "never fill it from the host" in std
# #2 Hermes-tool framing names the wrapped tools, not shell utilities.
for tool in ("read_file", "search_files", "patch", "write_file"):
assert tool in std
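Review bot: The two new assertions only prove the new wording is present, and they match a lowercased `hermes`, so neither the exact literal `Hermes` nor the removal of the old rule is covered. Add a negative check such as `assert "the human you are authoring this for" not in std`, and compare the literal case-sensitively against the unnormalized prompt if the casing of `author` matters in published frontmatter. Both matched substrings also sit inside a single wrapped line of the prompt bullet, so reflowing that bullet would fail the test unless `std` collapses whitespace.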