buildbuddy
Warn
Audited by Socket on Apr 21, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS: The skill’s purpose broadly matches its capabilities, and the CLI install path is a normal npm-based distribution rather than a raw payload. However, the integration is not direct: it requires a Membrane account and routes BuildBuddy access, authentication, and proxy requests through Membrane infrastructure, expanding the trust boundary and exposing BuildBuddy data to an intermediary service. Combined with unpinned CLI execution (`@latest`), this is a medium-risk skill rather than clearly benign.
Confidence: 84%
Severity: 56%
Audit Metadata