docparser
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of @membranehq/cli from NPM. This is a legitimate tool provided by the vendor for interacting with their platform and is necessary for the skill's functionality.
- [COMMAND_EXECUTION]: The skill uses shell commands through the membrane CLI to manage connections and run Docparser actions. This is the intended operational model for the skill and relies on the user's terminal environment for execution.
- [DATA_EXFILTRATION]: The skill retrieves parsed data from Docparser. It uses a managed connection system that avoids exposing raw credentials to the agent or local environment, mitigating the risk of credential exposure.
- [PROMPT_INJECTION]: The skill processes data from external documents via Docparser actions like list-parsed-data. This represents a surface for indirect prompt injection.
- Ingestion points: Data returned by 'membrane action run' for Docparser parsing results.
- Boundary markers: None specified in the instructions.
- Capability inventory: Execution of shell commands via the membrane CLI.
- Sanitization: None specified in the instructions.
Audit Metadata