skill-yaml-audit-fix

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a bash script that executes an embedded Python script to scan the agent's local skills directory (~/.hermes/skills). This operation is confined to the agent's own operational environment for maintenance purposes.
  • [DYNAMIC_EXECUTION]: The audit script correctly utilizes yaml.safe_load() to process file content. This is a security best practice that prevents unsafe deserialization and potential code execution during YAML parsing.
  • [DATA_EXPOSURE]: File access is restricted to SKILL.md files within the agent's specific skill root. The skill does not attempt to access sensitive system files, environment variables, or user credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 01:36 AM
Security Audit — agent-trust-hub — skill-yaml-audit-fix