adobe-commerce
Warn
Audited by Socket on Apr 28, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill's purpose and capabilities are mostly coherent, and the CLI comes from npm rather than a raw installer, so this is not overtly malicious. However, all authentication and Adobe Commerce API traffic are routed through Membrane's third-party control plane/proxy instead of directly to Adobe, and the skill uses mutable `@latest` installs. That makes the trust and data-flow footprint moderately risky but still plausible for the stated integration purpose.
Confidence: 87%
Severity: 56%
Audit Metadata