Skills
skills/hermai-ai/hermai-skills/hermai/Gen Agent Trust Hub

hermai

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the hermai CLI binary and source code from the vendor's official GitHub repository (github.com/hermai-ai/hermai-cli).
  • [COMMAND_EXECUTION]: Utilizes a local CLI tool to perform network discovery, browser automation (headful and stealth), and authenticated request replaying.
  • [CREDENTIALS_UNSAFE]: Manages API keys and session cookies, storing them in the user's home directory (~/.hermai/). Includes functionality to import cookies directly from installed browsers to maintain authenticated sessions.
  • [REMOTE_CODE_EXECUTION]: Executes dynamic JavaScript (signer_js and bootstrap_js) defined in website schemas using a sandboxed engine (goja) to perform per-request signing and session bootstrapping.
  • [DATA_EXFILTRATION]: Designed to transmit authenticated requests (including session cookies and bearer tokens) to third-party domains as specified in the schemas provided by the central registry.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from various websites via the hermai extract and hermai probe commands. It mitigates risks by mapping data to structured JSON schemas and applying JSON-escaping to user-interpolated fields, reducing the attack surface for indirect prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 04:13 AM