Skip to content

Security: Rishiidev/hermes-github-launch

Security

SECURITY.md

Security

If you discover a vulnerability in hermes-github-launch, please email Rishiidev rather than opening a public issue. We'll respond within 72 hours.

Scope

This is a skill file (markdown) that orchestrates gh api calls. The attack surface is limited to:

  • Secrets accidentally committed by the skill to a user's repo (mitigated by pre-flight safety checks in Step 1 of the pipeline)
  • Misuse of gh_safe rate-limit guard wrapper
  • GitHub Pages custom-domain misconfiguration

Reporting

Email Rishiidev via GitHub with:

  • A description of the issue
  • Steps to reproduce
  • Expected vs actual behavior

There aren't any published security advisories