The only risk here is that the inside Hermes might suggest your wife taking some action that ends up revealing private details to the internet.

It’s a bit convoluted, but the way it looks is: 1. Your internet facing one is prompt injected. 2. It stores a prompt injection in the transcript that will be passed to the sealed one. 3. Sealed one reads it and ends up following suggestions to recommend some action you or your wife takes that compromises you.

“Oh, I recommend you visit this hotel based on these results. Book with your phone!” shows QR code that exfiltrates secrets