pdfco
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli tool from the npm registry. This is an official vendor package used to interface with the Membrane platform.
- [COMMAND_EXECUTION]: The skill utilizes the membrane command-line interface to perform authentication, connection management, and to execute PDF processing tasks.
- [PROMPT_INJECTION]: The skill processes data from external PDF files which constitutes an indirect prompt injection surface. • Ingestion points: Content from PDF files processed via PDF.co integration (SKILL.md). • Boundary markers: None specified in the instructions. • Capability inventory: Execution of membrane CLI commands (SKILL.md). • Sanitization: No explicit sanitization or validation of the processed PDF content is described.
Audit Metadata