craftmypdf
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI (
@membranehq/cli) from the npm registry. This is a legitimate tool provided by the author to facilitate the integration. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to authenticate, connect to services, and run PDF generation actions. These commands are limited to the skill's stated purpose and do not perform unauthorized system changes. - [DATA_EXFILTRATION]: The integration is designed to be secure by delegating credential management to a centralized platform. The instructions explicitly direct the agent not to handle or store sensitive user secrets like API keys.
Audit Metadata