amazon-sagemaker
Audited by Socket on Mar 4, 2026
1 alert found:
Security: This skill is a documentation/integration layer that directs users to install and use the Membrane CLI to interact with Amazon SageMaker. There is no direct malicious code in the provided text, but the architecture centralizes credential custody and all API traffic through Membrane. That design is a legitimate convenience but increases supply-chain and data-exposure risk: sensitive requests, models, and tokens flow through a third-party service. Additional concerns are standard for installing third-party global CLIs from npm (supply-chain compromise risk) and the ability to proxy arbitrary HTTP requests, which can be misused to exfiltrate data. Recommend reviewing Membrane's security, privacy, and data-retention policies before use, pinning CLI versions and verifying package provenance where possible, and opting for direct AWS integrations if custody of credentials must remain local.