Skills
skills/aradotso/hermes-skills/hermes-ide-terminal/Gen Agent Trust Hub

hermes-ide-terminal

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute the official Rust toolchain installer using a shell pipe. This is the standard installation method for the Rust language.
  • Evidence: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  • [COMMAND_EXECUTION]: Includes instructions for installing required system libraries on Linux using the sudo command. This is standard for setting up the build environment for a Tauri/Rust application.
  • Evidence: sudo apt install libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
  • [EXTERNAL_DOWNLOADS]: Directs the user to install the Claude CLI from the official Anthropic npm registry.
  • Package: @anthropic-ai/claude-cli
  • [PROMPT_INJECTION]: The skill describes an automated project scanning feature that ingests file contents into the agent's context to provide project awareness.
  • Ingestion points: src-tauri/src/project/scanner.rs (walks project directories to detect languages, frameworks, and dependencies).
  • Boundary markers: None explicitly documented in the provided code snippets.
  • Capability inventory: src-tauri/src/pty/mod.rs (provides full shell access via PTY management and terminal session creation).
  • Sanitization: No sanitization or filtering of external file content is shown prior to its use in the context-building logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 10:53 AM
Security Audit — agent-trust-hub — hermes-ide-terminal