oh-my-hermes-workflow

SUSPICIOUS. The stated purpose matches a DevOps automation skill, but the actual footprint is very broad and the installation trust is poor: a branded ara.so/Hermes workflow is installed by executing a mutable raw script from an unrelated personal GitHub repo. The skill also centralizes many high-value credentials and enables autonomous repo/deployment actions, so the scope and credential exposure are high relative to the unverifiable install path.