hermes-history-ingest
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill operates entirely on the local file system, reading from the agent's history directory (~/.hermes) and writing to an Obsidian wiki vault. No network operations (data exfiltration) or external connection patterns were found.
- [SAFE]: The instructions include robust privacy and safety guardrails, explicitly commanding the agent to identify and redact sensitive information such as API keys, tokens, passwords, and credentials before they are ingested into the wiki.
- [SAFE]: No shell commands, subprocess calls, or privilege escalation attempts are present in the skill instructions or reference files.
- [PROMPT_INJECTION]: While the skill processes conversation history which could contain untrusted instructions (Indirect Prompt Injection), the risk is mitigated by explicit instructions to summarize content rather than quote verbatim and the absence of dangerous executable tools or network access.
Audit Metadata