One thing I would generally love is having only restricted permissions for each skill. This is especially handy when you're installing random skills from e.g. a skill store/a GitHub URL/… in the future.
So the skill has to specify what it requires beforehand and only gets access to these things (apparently in a skill store you would be able to see what it wants to access, basically similar to the access questions on your phone when it wants to access certain components).
The skill can specify e.g. what messages it is interested in (for most skills it is probably enough to route hermes/intent/<user>:<skillName> and the dialog topics). In the same way the skill can specify e.g. whether it requires ethernet.
Running them all with access to every MQTT topic and ethernet makes it basically possible to do some quite invasive stuff (e.g. permanently trigger recordings and send them somewhere into the cloud). This way I can install e.g. skills that do not require internet or do require internet, but are only interested in their own topics without having to worry about their implementation on each update.
I did not use AppDaemon yet, so maybe something along these lines can be implemented there.
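The MQTT part of the idea above, as an added example that is not part of the original post or of any project's code: a skill declares its topics, everything undeclared is denied, and the declaration can be rendered as a Mosquitto ACL stanza. The manifest layout, the skill and user names, and the assumption that each skill connects with its own MQTT username are hypothetical; the `hermes/dialogueManager/...` and `hermes/audioServer/...` topic names are assumed from the Hermes protocol.

```python
# Added example: default-deny MQTT permissions derived from a skill manifest.
# The manifest layout and the skill/user names are hypothetical.
MANIFEST = {  # constructed sample
    "skill": "weather",
    "subscribe": ["hermes/intent/alice:weather"],
    "publish": ["hermes/dialogueManager/continueSession",
                "hermes/dialogueManager/endSession"],
}


def topic_matches(pattern, topic):
    """MQTT filter matching: '+' is one level, a trailing '#' is the rest."""
    p_levels, t_levels = pattern.split("/"), topic.split("/")
    for i, p in enumerate(p_levels):
        if p == "#":
            return i == len(p_levels) - 1
        if i >= len(t_levels) or (p != "+" and p != t_levels[i]):
            return False
    return len(p_levels) == len(t_levels)


def is_allowed(manifest, action, topic):
    """Default deny: a topic is usable only if the manifest declared it."""
    return any(topic_matches(p, topic) for p in manifest.get(action, []))


def broad_requests(manifest):
    """Declared filters a reviewer should question before installing."""
    declared = manifest.get("subscribe", []) + manifest.get("publish", [])
    return [t for t in declared
            if "#" in t or "+" in t or t.startswith("hermes/audioServer/")]


def mosquitto_acl(manifest):
    """Render the manifest as a Mosquitto acl_file stanza for the skill's user."""
    lines = [f"user {manifest['skill']}"]
    lines += [f"topic read {t}" for t in manifest.get("subscribe", [])]
    lines += [f"topic write {t}" for t in manifest.get("publish", [])]
    return "\n".join(lines)


if __name__ == "__main__":
    print(mosquitto_acl(MANIFEST))
    print(is_allowed(MANIFEST, "subscribe", "hermes/audioServer/default/audioFrame"))
```

Network access is not covered here; it would need to be enforced separately from the broker, outside the skill's own code.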