ansible

This SKILL.md describes a legitimate-seeming Ansible integration that relies on the Membrane service and its CLI. There are no direct malicious code snippets, download-execute chains, or instructions to read local secret files. The main security considerations are supply-chain and trust decisions: installing and executing the @membranehq CLI (npm) and routing credentials/requests through the Membrane service centralizes sensitive data and requires trusting that operator. If Membrane is trusted, the documented workflow is coherent and proportionate for the stated purpose. If the operator is not trusted or you require stricter data locality, this integration is not appropriate. Overall risk is moderate primarily because of third-party credential routing and unpinned npm installs; there is no clear malicious intent in the provided content.