askyourpdf
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to install the
@membranehq/cliglobally via NPM. This is an official utility provided by the skill's author (membranedev) and is a trusted resource for the intended functionality. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands such asmembrane connect,membrane action run, andmembrane request. These commands are standard for interacting with the Membrane platform and do not involve suspicious or unauthorized command execution. - [CREDENTIALS_UNSAFE]: The skill explicitly follows best practices by instructing users to let Membrane handle credentials server-side via connections, rather than asking for or hardcoding API keys.
- [PROMPT_INJECTION]: The skill provides an interface for interacting with external PDF content through the AskYourPDF service, which constitutes an indirect prompt injection surface.
- Ingestion points: External PDF documents are processed via actions like
chat-with-documentandsummarize-documentas described in SKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided documentation.
- Capability inventory: The skill allows for executing API actions (
membrane action run) and making authenticated proxy requests (membrane request). - Sanitization: No specific sanitization or filtering of PDF content is described in the skill's operational instructions.
Audit Metadata