html-2-pdf

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the CLI comes from an official registry tied to the publisher, so this is not overt malware. However, it routes authentication, requests, and potentially document contents through Membrane instead of directly to the official HTML 2 PDF API, creating meaningful third-party credential and data-handling risk; the mutable `@latest` global CLI install adds moderate supply-chain risk.