diff --git a/agent/learn_prompt.py b/agent/learn_prompt.py
index 83a0045d872..64ad543f839 100644
--- a/agent/learn_prompt.py
+++ b/agent/learn_prompt.py
@@ -46,8 +46,11 @@ Frontmatter:
     Bad (123):   `A comprehensive skill that lets the agent search arXiv for
                   academic papers using keywords, authors, and categories.`
 - version: 0.1.0
-- author: the human you are authoring this for, first; "Hermes Agent" second.
-  Never credit only the tool.
+- author: always the literal value `Hermes`. NEVER fill it from the host
+  environment — the OS/login username (e.g. the `user=` line in your
+  environment hints), git config, or any identity you can probe must not be
+  written. Skills get shared and published, so an environment-derived name is
+  a privacy leak the user never opted into; the skill names itself as Hermes.
 - platforms: declare `[macos]`, `[linux]`, and/or `[windows]` IF the skill
   uses OS-bound primitives (osascript/apt/systemctl => the matching OS; /proc,
   os.setsid, signal.SIGKILL => linux; fcntl/termios => POSIX). Prefer fixing it
diff --git a/tests/agent/test_learn_prompt.py b/tests/agent/test_learn_prompt.py
index 3f548b29796..392833d1220 100644
--- a/tests/agent/test_learn_prompt.py
+++ b/tests/agent/test_learn_prompt.py
@@ -55,8 +55,9 @@ class TestBuildLearnPrompt:
         assert "count" in std and "60" in std
         # #3 platforms gating against OS-bound primitives.
         assert "platforms" in std
-        # #4 author credits the human first.
-        assert "author" in std
+        # author is always the literal Hermes, never the host/OS identity (#52368).
+        assert "author: always the literal value `hermes`" in std
+        assert "never fill it from the host" in std
         # #2 Hermes-tool framing names the wrapped tools, not shell utilities.
         for tool in ("read_file", "search_files", "patch", "write_file"):
             assert tool in std