From d7021af30f449b5372a8b86c83f84bcefc6a4cef Mon Sep 17 00:00:00 2001
From: Teknium <127238744+teknium1@users.noreply.github.com>
Date: Thu, 25 Jun 2026 12:48:08 -0700
Subject: [PATCH] fix(learn): name distilled skills as author Hermes, not the host OS user (#52388)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

/learn told the agent to fill the skill `author` field, and the system prompt environment probe surfaces the OS login name (user=$(whoami) in prompt_builder.py), so the model wrote the host username into published SKILL.md frontmatter — a privacy leak the user never opted into, and inconsistent run to run as the most-salient identity changed. The /learn authoring prompt now sets `author` to the literal value `Hermes` and explicitly forbids deriving it from the host environment (OS/login user, git config, or any probeable identity). The skill names itself as the tool that wrote it. Closes #52368.
---
agent/learn_prompt.py | 7 +++++--
tests/agent/test_learn_prompt.py | 5 +++--
2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/agent/learn_prompt.py b/agent/learn_prompt.py
index 83a0045d872..64ad543f839 100644
--- a/agent/learn_prompt.py
+++ b/agent/learn_prompt.py
@@ -46,8 +46,11 @@ Frontmatter: Bad (123): `A comprehensive skill that lets the agent search arXiv for academic papers using keywords, authors, and categories.` - version: 0.1.0 -- author: the human you are authoring this for, first; "Hermes Agent" second. - Never credit only the tool. +- author: always the literal value `Hermes`. NEVER fill it from the host + environment — the OS/login username (e.g. the `user=` line in your + environment hints), git config, or any identity you can probe must not be + written. Skills get shared and published, so an environment-derived name is + a privacy leak the user never opted into; the skill names itself as Hermes. - platforms: declare `[macos]`, `[linux]`, and/or `[windows]` IF the skill uses OS-bound primitives (osascript/apt/systemctl => the matching OS; /proc, os.setsid, signal.SIGKILL => linux; fcntl/termios => POSIX). Prefer fixing it diff --git a/tests/agent/test_learn_prompt.py b/tests/agent/test_learn_prompt.py index 3f548b29796..392833d1220 100644 --- a/tests/agent/test_learn_prompt.py +++ b/tests/agent/test_learn_prompt.py @@ -55,8 +55,9 @@ class TestBuildLearnPrompt: assert "count" in std and "60" in std # #3 platforms gating against OS-bound primitives. assert "platforms" in std - # #4 author credits the human first. - assert "author" in std + # author is always the literal Hermes, never the host/OS identity (#52368). + assert "author: always the literal value `hermes`" in std + assert "never fill it from the host" in std # #2 Hermes-tool framing names the wrapped tools, not shell utilities. for tool in ("read_file", "search_files", "patch", "write_file"): assert tool in std
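Review bot: The new `author` bullet is the only control against the username leak, and it is an instruction the model may not follow; nothing visible in this patch enforces it when the SKILL.md is written. Consider normalising the field in code at write time, so the frontmatter always carries `author: Hermes` whatever the model emitted, if such a step does not already exist outside this hunk. The bullet also covers only `author`, while the `user=` hint stays in the system prompt, so the same name can still reach the description, body text or example paths; one more sentence such as `Do not write the host username or home-directory paths anywhere in the skill.` would close that gap. The prompt string starts and ends outside the hunk.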
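Review bot: Both new assertions in the test hunk only check that the replacement wording is present, so the test still passes if the old human-first guidance is left in or merged back alongside it, which is the wording that produced the leak. A negative assertion next to them would pin the removal: `assert "the human you are authoring this for" not in std`. `std` looks like a lower-cased copy of the prompt (the new assertion matches `hermes` in lower case), so the literal should be lower-case too. The test method begins outside the hunk.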