github-pr-workflow

Fail

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill includes logic to scan and extract GitHub authentication tokens from ~/.git-credentials and ~/.hermes/.env (SKILL.md, Quick Auth Detection). Reading and parsing the global git credential helper storage is a high-risk operation that exposes long-lived secrets.
  • [COMMAND_EXECUTION]: The skill pipes JSON data fetched from the GitHub API directly into python3 -c for parsing and printing (SKILL.md, Section 4). While the Python logic is static, the pattern of passing network-retrieved data into an interpreter is a significant risk surface.
  • [PROMPT_INJECTION]: The "Auto-Fixing CI Failures" workflow (SKILL.md, Section 5) ingests raw log files from GitHub Actions. These logs, which can be influenced by external code or contributors, are processed without sanitization, creating a surface for indirect prompt injection.
      • Ingestion points: gh run view --log-failed and files extracted from ci-logs.zip (SKILL.md)
      • Boundary markers: Absent; the agent is instructed to read logs directly to understand errors.
      • Capability inventory: File system access, network operations via curl, and command execution via git and python3 (SKILL.md).
      • Sanitization: None; the skill uses cat to output log contents for agent processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 27, 2026, 07:07 AM