e-goi

SUSPICIOUS. The skill’s capabilities largely match its stated E-goi integration purpose, and the CLI comes from an apparently official npm package. However, the integration routes authentication and E-goi operations through Membrane rather than directly to E-goi, creating a meaningful third-party trust and data-flow boundary; combined with an unpinned CLI install and write-capable actions, this makes the skill medium risk rather than benign.