skills/ninehills/skills/herdr/Gen Agent Trust Hub

herdr

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the herdr CLI to interact with a local daemon, allowing it to split terminal panes and execute shell commands within them. This is the primary function of the tool.
  • [EXTERNAL_DOWNLOADS]: The herdr integration install command is documented for adding support for various agents. This is a built-in feature of the herdr platform and originates from the tool vendor.
  • [DATA_EXFILTRATION]: The skill permits reading the output of other terminal panes via herdr pane read. This allows the agent to observe sibling sessions and logs locally within the herdr environment.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by design as it reads terminal output from untrusted sources (e.g., external logs or other agents). * Ingestion points: herdr pane read and herdr wait output. * Boundary markers: None specified in instructions. * Capability inventory: Command execution via herdr pane run. * Sanitization: None.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 06:42 AM
Security Audit — agent-trust-hub — herdr