Skills were poisoning every memory store and a skill delete could wipe the working tree (unreleased)
What this changes for operators
- June 16 commits (main) stop a /skill invocation from poisoning every connected memory provider with its raw body. They also add tree-escape validation so that an agent-triggered skill delete cannot rmtree outside the skills root (a fix ported from an incident that wiped another tool user's working directory). This is the self-improving-agent risk class made concrete.
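A containment check of the kind described above, written as an added example and not taken from the project's commits. The names `resolve_skill_dir`, `delete_skill` and `SkillPathError`, and the one-directory-per-skill layout, are assumptions made for illustration.

```python
import os
import shutil
import tempfile
from pathlib import Path


class SkillPathError(ValueError):
    """Raised when a skill name would resolve outside the skills root."""


def resolve_skill_dir(skills_root: Path, skill_name: str) -> Path:
    """Return the real directory for skill_name, or raise if it escapes the root."""
    root = skills_root.resolve(strict=True)
    # Accept a single path component only: no separators, no dot segments, not empty.
    if not skill_name or skill_name in {".", ".."} or Path(skill_name).name != skill_name:
        raise SkillPathError(f"invalid skill name: {skill_name!r}")
    candidate = root / skill_name
    # A symlinked skill directory could point anywhere; refuse rather than follow it.
    if candidate.is_symlink():
        raise SkillPathError(f"skill path is a symlink: {candidate}")
    real = candidate.resolve(strict=True)
    # After resolution the target must be a strict descendant of the root.
    if real == root or root not in real.parents:
        raise SkillPathError(f"{real} is outside {root}")
    return real


def delete_skill(skills_root: Path, skill_name: str) -> None:
    """Delete one skill directory, but only after the containment check passes."""
    shutil.rmtree(resolve_skill_dir(skills_root, skill_name))


if __name__ == "__main__":
    # Constructed sample tree: a skills root, a neighbouring work tree, a symlink between them.
    with tempfile.TemporaryDirectory() as tmp:
        root, work = Path(tmp, "skills"), Path(tmp, "work")
        (root / "notes").mkdir(parents=True)
        work.mkdir()
        os.symlink(work, root / "link")
        for name in ("notes", "../work", "link", ""):
            try:
                delete_skill(root, name)
                print(f"{name!r}: deleted")
            except SkillPathError as exc:
                print(f"{name!r}: refused ({exc})")
        print("work tree intact:", work.is_dir())
```

The check and the delete are separate steps, so this assumes nothing else rewrites the skills root between them.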
Signal metadata
Source findings
- 2026-06-16-hermes-agent-skill-memory-poisoning-fixes
Run: 2026-06-16-weekly-digest-2026-06-04_2026-06-16-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-06-16-hermes-skill-self-harm-fixes
Signals are produced by the Bitter autonomous research loop.