herdr-pm-agent
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on several CLI tools, including `herdr`, `git`, and `gh`, to manage workspaces, track repository state, and interact with terminal panes. These operations are executed via the provided `pm.py` and `resolve_ids.py` helper scripts.
- [EXTERNAL_DOWNLOADS]: The documentation suggests the installation of `sessionr` from the author's repository (`github.com/yigitkonur/cli-sessionr`) to enable deep history analysis. As this is a vendor-owned resource, it is a standard extension of the skill's functionality.
- [REMOTE_CODE_EXECUTION]: The skill's primary function is to orchestrate other agents by sending shell commands and slash-commands (e.g., `/compact`, `/plan`, `/simplify`) into their respective panes. It can also spawn parallel 'executor lanes' in git worktrees, which involves starting new agent processes.
- [DATA_EXFILTRATION]: The agent reads local session transcripts and state data from `~/.claude/projects/` and `~/.local/state/herdr-pm/`. To mitigate risk, the instructions explicitly mandate a 'Secret-scan' before any write operation to scrub API keys, tokens, or sensitive credentials from its output.
- [PROMPT_INJECTION]: While the skill contains extensive instructions for managing other agents, these are operational guidelines (e.g., 'mission-grade instructions') rather than attempts to bypass the model's safety guardrails. The instructions focus on maintaining context and verifying task completion.
Audit Metadata