Hermes
Reference

Security boundaries

Keep credentials and sensitive GIS data out of skills, use read-only execution first, and enforce writes in tools and infrastructure.

No credentials are bundled

The public repository contains no ArcGIS tokens, database URLs, OAuth state, private keys, cookies, client data, or live profile authentication. Public GIS services and open-data workflows may need no credential at all.

Keep required secrets in the protected Hermes profile environment, OS keychain, or an approved external secret store. Never place secret values in skills, memory, prompts, documentation, Git, issues, logs, screenshots, or generated examples.

Skills are guidance

Skills contribute procedures, validation checks, and safety instructions to the model context. They are not a sandbox or access-control system.

Enforce controls outside Markdown

Tool and infrastructure implementations must enforce least privilege, operation allowlists, target validation, input limits, previews, exact approval gates, idempotency, rollback, and secret-safe audit logging.

Read-only first

For initial verification:

  • prefer public sources or read-only credentials;
  • use bounded queries, explicit fields, limits, and timeouts;
  • verify authority, license, freshness, schema, geometry, CRS, and counts;
  • return source URLs, timestamps, filters, caveats, and failure modes;
  • do not publish or modify authoritative content.

Writes and publishing

Before a GIS write, deployment, or hosted-content change:

  1. verify the exact organization, portal, item, layer, database, schema, branch, project, and deployment target;
  2. show the final arguments, diff, or preview;
  3. obtain approval for that exact operation;
  4. preserve rollback or previous-version evidence;
  5. verify the result from the authoritative system.

Private and sensitive data

Do not expose private owner information, precise protected-resource locations, client datasets, internal service metadata, or unapproved operational details. Apply data minimization, aggregation, redaction, and access controls appropriate to the use case.

Reporting a vulnerability

Follow the package SECURITY.md. Do not publish active credentials, exploit details, or sensitive affected data in a public issue.

On this page