conjur

SUSPICIOUS: the skill’s purpose and capabilities are broadly aligned, and the CLI install path is from an official registry, but the integration routes Conjur authentication and API traffic through Membrane rather than directly to official CyberArk endpoints. That third-party credential and data mediation is a meaningful trust and data-flow concern for a secrets-management skill, even without evidence of overtly malicious behavior.