display-video-360

SUSPICIOUS: The skill’s capabilities largely match its stated purpose, and the CLI install path is consistent with the publisher. The main risk is architectural: all Display & Video 360 access and credential handling are routed through Membrane, a third-party intermediary, plus the docs suggest an unpinned `npx @latest` command. This looks like a legitimate integration pattern, but it requires broader trust in Membrane than a direct Google API integration and can perform consequential remote actions.