foundriesio

SUSPICIOUS: the skill’s purpose and commands are internally coherent for a Foundries.io integration, and the install path uses npm rather than an unverifiable binary. However, all authentication and API traffic are funneled through Membrane’s third-party connection/proxy layer, expanding trust beyond direct Foundries.io access, and the docs include an unpinned `@latest` CLI invocation. This looks like a legitimate integration pattern with medium security risk, not confirmed malware.