pp-weather-goat

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and execute code from the author's npm package @mvanhorn/printing-press using npx.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the CLI tool and MCP server directly from the author's GitHub repository github.com/mvanhorn/printing-press-library via go install.
  • [COMMAND_EXECUTION]: The skill relies on the execution of shell commands for installation, verification, and operation of the weather utility binary.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver flag that enables the transmission of command output to arbitrary external webhook URLs.
  • [DATA_EXFILTRATION]: The feedback command supports sending local log data to a remote endpoint if the WEATHER_GOAT_FEEDBACK_ENDPOINT environment variable is set by the user or system.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 04:27 AM
Security Audit — agent-trust-hub — pp-weather-goat