askyourpdf
Audited by Socket on Mar 4, 2026
1 alert found:
Security

The provided skill documentation describes a legitimate integration pattern: install the official-looking Membrane CLI from npm, authenticate via browser OAuth, and proxy AskYourPDF API calls through the Membrane backend. I find no direct indicators of malicious code, obfuscated payloads, or credential-harvesting instructions embedded in the documentation. The primary security considerations are supply-chain and third-party trust: installing a global npm package requires trusting the @membranehq package and trusting Membrane with user credentials and proxied API traffic. If the Membrane CLI or backend were compromised, credentials and proxied data could be exposed.

Recommendation: verify the npm package publisher, review the CLI source code before installing in high-security environments, and evaluate whether routing requests through a third-party gateway is acceptable for your data-sensitivity requirements.