pandadoc

SUSPICIOUS: The skill is broadly coherent with its stated PandaDoc integration purpose and uses an official-looking npm-distributed CLI from the same vendor, so it is not overtly malicious. The main risk is architectural: PandaDoc access and auth are funneled through Membrane as an intermediary service, with mutable CLI installation and potential local secret storage, which creates medium security risk but not confirmed malware.