Security boundaries
Keep credentials and sensitive GIS data out of skills, use read-only execution first, and enforce writes in tools and infrastructure.
No credentials are bundled
The public repository contains no ArcGIS tokens, database URLs, OAuth state, private keys, cookies, client data, or live profile authentication. Public GIS services and open-data workflows may need no credential at all.
Keep required secrets in the protected Hermes profile environment, OS keychain, or an approved external secret store. Never place secret values in skills, memory, prompts, documentation, Git, issues, logs, screenshots, or generated examples.
Skills are guidance
Skills contribute procedures, validation checks, and safety instructions to the model context. They are not a sandbox or access-control system.
Enforce controls outside Markdown
Tool and infrastructure implementations must enforce least privilege, operation allowlists, target validation, input limits, previews, exact approval gates, idempotency, rollback, and secret-safe audit logging.
Read-only first
For initial verification:
- prefer public sources or read-only credentials;
- use bounded queries, explicit fields, limits, and timeouts;
- verify authority, license, freshness, schema, geometry, CRS, and counts;
- return source URLs, timestamps, filters, caveats, and failure modes;
- do not publish or modify authoritative content.
Writes and publishing
Before a GIS write, deployment, or hosted-content change:
- verify the exact organization, portal, item, layer, database, schema, branch, project, and deployment target;
- show the final arguments, diff, or preview;
- obtain approval for that exact operation;
- preserve rollback or previous-version evidence;
- verify the result from the authoritative system.
Private and sensitive data
Do not expose private owner information, precise protected-resource locations, client datasets, internal service metadata, or unapproved operational details. Apply data minimization, aggregation, redaction, and access controls appropriate to the use case.
Reporting a vulnerability
Follow the package
SECURITY.md.
Do not publish active credentials, exploit details, or sensitive affected data
in a public issue.