ataccama

This SKILL.md describes a standard integration using the Membrane CLI to interact with Ataccama. There are no signs of embedded malicious code, obfuscation, or instructions to harvest credentials locally. The primary security considerations are supply-chain and trust decisions: installing the Membrane CLI (global npm install or unpinned npx usage) and routing all API traffic and credential management through the Membrane service centralizes trust in that third-party. Those are legitimate design choices for a managed integration but do represent supply-chain and data-flow risks that operators should accept knowingly. Recommend pinning CLI versions when reproducibility is required and reviewing Membrane's privacy/security docs before use.