pp-usgs-earthquakes

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the usgs-earthquakes-pp-cli tool via npx from the @mvanhorn/printing-press-library npm package and via go install from the github.com/mvanhorn/printing-press-library repository. Both resources are hosted on well-known services and belong to the skill's identified vendor.
  • [COMMAND_EXECUTION]: The watch command includes a --notify parameter designed to execute shell commands as hooks when new events are detected. This is a documented feature for system integration.
  • [DATA_EXFILTRATION]: The CLI provides a --deliver webhook:<url> capability, allowing earthquake data to be sent to external HTTP endpoints for reporting or automation purposes.
  • [PROMPT_INJECTION]: The skill processes external USGS GeoJSON feeds. While this represents a surface for indirect prompt injection (Category 8), the capabilities are limited to the tool's earthquake monitoring functions and do not bypass agent safety constraints.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 10:34 PM
Security Audit — agent-trust-hub — pp-usgs-earthquakes