Security Audit
PandaDoc Automation
Source: github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
PandaDoc Automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The single finding is "Arbitrary Webhook URL allows Data Exfiltration".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary Webhook URL allows Data Exfiltration | Static | SKILL.md:93 |

Description: The `PANDADOC_CREATE_WEBHOOK` tool allows the agent to specify an arbitrary `url` for receiving notifications. If an attacker can prompt the agent to create a webhook pointing to an attacker-controlled server, sensitive PandaDoc event data (e.g., document state changes, recipient completion, and potentially document content if configured in `payload`) could be exfiltrated to the attacker. This exposes a direct data-exfiltration channel controlled by the agent's output.

Recommendation: Implement strict URL validation and/or allow-listing for webhook URLs within the agent's execution environment or the Composio platform. The agent should confirm with the user before creating webhooks to external, untrusted domains. Consider restricting the types of data included in webhook payloads or redacting sensitive information.
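The allow-list check the recommendation calls for, as an added example that is not part of the PandaDoc skill, the Composio platform, or SkillShield's report. It classifies an agent-supplied webhook URL as allow, confirm, or deny, covering the edge cases an attacker would try against a naive host check (credentials in the URL, raw IP literals, a look-alike domain that merely contains the allowed host as a prefix, trailing dots and case). The allow-list contents, the allow/confirm/deny vocabulary, and the `guard_create_webhook` wrapper around the `url` argument are assumptions for illustration; only the tool name and the `url` parameter come from the finding.

```python
"""Added example: an allow-list guard for agent-supplied webhook URLs.

Not the skill's or the platform's code. The tool name PANDADOC_CREATE_WEBHOOK and
its `url` argument are taken from the finding; the allow-list entries and the
allow/confirm/deny decisions are assumed for illustration.
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list: hosts the operator has approved to receive PandaDoc events.
# An entry starting with "." matches that domain and any subdomain; a bare host
# matches only itself.
ALLOWED_WEBHOOK_HOSTS = ("hooks.internal.example", ".webhooks.example.com")


def _host_allowed(host: str) -> bool:
    """Exact or label-boundary suffix match, so 'webhooks.example.com.attacker.example'
    does not match '.webhooks.example.com'."""
    for entry in ALLOWED_WEBHOOK_HOSTS:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def classify_webhook_url(url: str) -> tuple[str, str]:
    """Return (decision, reason) for a webhook URL the agent wants to register.

    deny    : unsafe regardless of who asks (no TLS, credentials in the URL,
              raw IP literal, missing host, unparseable).
    confirm : well-formed https URL to a host outside the allow-list; the agent
              must get explicit user approval before calling PANDADOC_CREATE_WEBHOOK.
    allow   : host is on the operator allow-list.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return "deny", f"unparseable URL: {exc}"

    if parts.scheme.lower() != "https":
        return "deny", "webhook URL must use https"
    if parts.username is not None or parts.password is not None:
        # "https://hooks.internal.example@attacker.example/" parses with hostname
        # attacker.example, while "https://x@hooks.internal.example/" would pass a
        # host-only check; rejecting any userinfo removes both forms at once.
        return "deny", "credentials in webhook URL are not permitted"

    host = parts.hostname  # already lower-cased by urlsplit
    if not host:
        return "deny", "webhook URL has no host"
    host = host.rstrip(".")  # "hooks.internal.example." is the same host

    try:
        ipaddress.ip_address(host)  # accepts IPv4 and bracket-stripped IPv6 literals
    except ValueError:
        pass
    else:
        return "deny", "raw IP literal is not permitted as a webhook target"

    if _host_allowed(host):
        return "allow", f"{host} is on the webhook allow-list"
    return "confirm", f"{host} is not on the allow-list; ask the user before creating this webhook"


def guard_create_webhook(args: dict) -> dict:
    """Hypothetical wrapper applied to the arguments of PANDADOC_CREATE_WEBHOOK.

    Forwards the call only for allow-listed hosts; otherwise returns the decision
    so the agent can ask the user (confirm) or refuse (deny) instead of calling.
    """
    decision, reason = classify_webhook_url(str(args.get("url", "")))
    if decision == "allow":
        return {"forward": True, "args": args, "reason": reason}
    return {"forward": False, "decision": decision, "reason": reason}


if __name__ == "__main__":
    # Constructed inputs, including three allow-list bypass attempts.
    for candidate in (
        "https://hooks.internal.example/pandadoc",
        "https://docs.webhooks.example.com/in",
        "http://hooks.internal.example/pandadoc",
        "https://hooks.internal.example@attacker.example/collect",
        "https://webhooks.example.com.attacker.example/",
        "https://203.0.113.9/collect",
        "https://attacker.example/collect",
    ):
        print(candidate, "->", classify_webhook_url(candidate))
```

The guard sits between the model's tool call and the PandaDoc API, which is the only place the check cannot be talked around by a prompt: a validator the agent is merely instructed to run is itself part of the agent's output. Payload redaction, the third part of the recommendation, is a separate control applied to the `payload` configuration rather than the URL.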
Full report: https://skillshield.io/report/cb4a7acb9bf4db86