skill-yaml-audit-fix
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script that executes an embedded Python script to scan the agent's local skills directory (~/.hermes/skills). This operation is confined to the agent's own operational environment for maintenance purposes.
- [DYNAMIC_EXECUTION]: The audit script correctly utilizes
yaml.safe_load()to process file content. This is a security best practice that prevents unsafe deserialization and potential code execution during YAML parsing. - [DATA_EXPOSURE]: File access is restricted to
SKILL.mdfiles within the agent's specific skill root. The skill does not attempt to access sensitive system files, environment variables, or user credentials.
Audit Metadata