If you discover a vulnerability in hermes-github-launch, please email
Rishiidev rather than opening a public issue. We'll respond within 72 hours.
This is a skill file (markdown) that orchestrates gh api calls. The
attack surface is limited to:
- Secrets accidentally committed by the skill to a user's repo (mitigated by pre-flight safety checks in Step 1 of the pipeline)
- Misuse of
gh_saferate-limit guard wrapper - GitHub Pages custom-domain misconfiguration
Email Rishiidev via GitHub with:
- A description of the issue
- Steps to reproduce
- Expected vs actual behavior