skill-routing-gov

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run a maintenance script located at ~/.hermes/routing/verify-skill-index-parity.py to ensure the skill index matches the files on disk.
  • [COMMAND_EXECUTION]: The instructions include using npm ci --ignore-scripts to safely install dependencies for external skills while preventing the execution of arbitrary lifecycle scripts.
  • [EXTERNAL_DOWNLOADS]: The skill describes a process for cloning third-party GitHub repositories into a local directory (~/.hermes/external-repos/) for analysis and intake.
  • [SAFE]: The skill implements a robust security review policy, requiring the agent to examine external code for risks such as outbound network calls, credential handling, and local file system mutations before use.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 10:24 PM
Security Audit — agent-trust-hub — skill-routing-gov