pandadoc
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the
@membranehq/clipackage from the npm registry. This is the official CLI tool provided by the skill's author to facilitate platform integrations. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (e.g.,
membrane login,membrane connect,membrane action run) to interact with the PandaDoc API. These commands are used for legitimate authentication and data management tasks within the Membrane ecosystem. - [DATA_EXFILTRATION]: Authentication and credential management are handled server-side by the Membrane platform. This design avoids storing sensitive API keys or tokens locally in the agent's environment, mitigating risks associated with credential exposure.
- [PROMPT_INJECTION]: No evidence of prompt injection, instruction overrides, or safety filter bypass attempts were found in the skill's content.
Audit Metadata