contentful

SUSPICIOUS. The skill’s capabilities largely match its stated Contentful-management purpose, and the CLI install path appears to be an official npm-distributed tool rather than a deceptive payload. However, all authentication and API traffic are routed through Membrane as a third-party intermediary, so credentials and Contentful data are not kept strictly on official Contentful endpoints. This is coherent with the skill’s design but increases trust and data-flow risk beyond a direct Contentful integration.