api2pdf
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official npm registry to facilitate API interactions. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line tool to perform various operations, including account authentication, searching for API connectors, and executing remote actions. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data, such as HTML code or URL content, during the conversion process.
- Ingestion points: Data enters the agent context through the results of conversion actions (HTML to PDF, URL to PDF) and proxy requests described in
SKILL.md. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the provided templates.
- Capability inventory: The skill has the ability to execute shell commands via the
membraneCLI as documented inSKILL.md. - Sanitization: There is no evidence of input validation or content filtering for the data being sent to or received from the Api2pdf API.
Audit Metadata