pp-usgs-earthquakes
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
usgs-earthquakes-pp-clitool vianpxfrom the@mvanhorn/printing-press-librarynpm package and viago installfrom thegithub.com/mvanhorn/printing-press-libraryrepository. Both resources are hosted on well-known services and belong to the skill's identified vendor. - [COMMAND_EXECUTION]: The
watchcommand includes a--notifyparameter designed to execute shell commands as hooks when new events are detected. This is a documented feature for system integration. - [DATA_EXFILTRATION]: The CLI provides a
--deliver webhook:<url>capability, allowing earthquake data to be sent to external HTTP endpoints for reporting or automation purposes. - [PROMPT_INJECTION]: The skill processes external USGS GeoJSON feeds. While this represents a surface for indirect prompt injection (Category 8), the capabilities are limited to the tool's earthquake monitoring functions and do not bypass agent safety constraints.
Audit Metadata