Skills
skills/chujianyun/skills/hermes-ops/Gen Agent Trust Hub

hermes-ops

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the hermes CLI for its core functionality, instructing the agent to execute commands for status checks, service management (e.g., hermes gateway restart), and diagnostic repairs.
  • [DATA_EXFILTRATION]: The instructions direct the agent to read and modify sensitive local configuration files, including .env files, config.yaml, and contents within the ~/.hermes/ directory, which may contain environment-specific secrets or operational data.
  • [CREDENTIALS_UNSAFE]: The skill includes instructions and commands for managing authentication credentials and providers using hermes auth list, hermes auth add, and hermes auth reset.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it requires the agent to parse and act upon output from diagnostic tools like hermes doctor or hermes status without using explicit boundary markers or output sanitization.
  • Ingestion points: Tool outputs from hermes status, hermes doctor, and hermes gateway status are ingested into the agent's context.
  • Boundary markers: Absent; the instructions do not specify delimiters for separating tool output from instructions.
  • Capability inventory: The skill allows for shell command execution, service restarts, and file system modifications (config and source code).
  • Sanitization: Absent; there is no mention of filtering or validating the output from the Hermes CLI before the agent processes it.
  • [DYNAMIC_EXECUTION]: The skill permits the agent to modify local source code and configuration files at runtime to resolve identified bugs or misconfigurations.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 07:31 AM