A remote injection vulnerability has been identified in NousResearch hermes-agent up to version 2026.4.30. The vulnerability affects the _serve_plugin_skill/skill_view function in the tools/skills_tool.py file. Attackers can exploit this vulnerability remotely through manipulation techniques. The exploit has been publicly disclosed and is available for use. Despite early notification, the vendor has not responded to the disclosure. This vulnerability allows for injection attacks that can be performed from remote locations.