Add Hermes Tweet trust record#115

Open
kriptoburak wants to merge 1 commit into
GoPlusSecurity:mainfrom
kriptoburak:codex/add-hermes-tweet-agentguard-trust
Conversation

@kriptoburak

Contributor

Summary

  • Add Hermes Tweet v0.1.6 to the AgentGuard trust registry.
  • Mark it as restricted with no filesystem access, no command execution, and a single public network host.
  • Bind the record to an AgentGuard-compatible directory artifact hash for the released Hermes Tweet skill.

Eligibility

Validation

  • jq registry shape and record-key check
  • git diff --check
  • Public evidence link checks for the release and skill file
  • npm ci completed; it reports 13 existing dependency audit findings
  • npm run build
  • npm test (415 passing)

@github-actions

github-actions Bot commented Jun 29, 2026


AgentGuard PR Review

  1. medium — data/registry.json hunk

    • The new registry entry is trusted solely based on a single commit/hash reference, but there is no evidence in the diff that the referenced artifact hash is independently verified against the fetched package contents at install/use time.
    • What can go wrong: a mismatched or replaced artifact under the same tag/commit could be treated as trusted, allowing an unintended skill payload to be approved.
    • Fix: enforce verification that the resolved package contents exactly match artifact_hash before activating the record, and reject any tag/commit resolution that does not match the recorded hash.
  2. low — data/registry.json hunk

    • The trust record sets network_allowlist to only xquik.com, but there is no validation shown that the runtime blocks all other outbound destinations for this skill.
    • What can go wrong: if allowlist enforcement is incomplete, the skill could still exfiltrate data or reach arbitrary endpoints despite being marked restricted.
    • Fix: ensure policy enforcement uses this allowlist as a hard deny-by-default network gate and add a test that requests to non-allowlisted hosts are blocked.

kriptoburak force-pushed the codex/add-hermes-tweet-agentguard-trust branch 2 times, most recently from 4729e99 to 2963a15 on June 29, 2026 18:50
kriptoburak force-pushed the codex/add-hermes-tweet-agentguard-trust branch from 2963a15 to 6e571a9 on June 29, 2026 18:52
@kriptoburak

Contributor Author

Follow-up on the automated review:

  • Pinned evidence refs to immutable commit b92e90e787c851dfb1820e065289130483117ffe.
  • Removed secret grants from the record.
  • Added a 90-day expiry for revalidation.
  • Re-ran jq, git diff --check, npm run build, and npm test locally. Target CI is green.

The remaining notes ask for registry-wide install/use-time verification and network enforcement tests. I did not add those broader policy changes in this data-record PR.
