Skills
skills/frostmute/hermes-clipper/clipping/Gen Agent Trust Hub

clipping

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the hermes-clip command-line utility to perform content writing and vault management.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it incorporates data from untrusted external URLs into its processing logic.
  • Ingestion points: External web content is fetched and analyzed in SKILL.md to determine folder paths, authors, and themes.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the logic that processes extracted Markdown.
  • Capability inventory: The skill can read local files via grep and write to the filesystem via the hermes-clip tool.
  • Sanitization: The skill lacks documented sanitization or validation of web content before it is analyzed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 09:43 AM