github-actions
Warn
Audited by Socket on Apr 22, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill's core purpose is coherent, and the CLI install path is official npm-based, but the actual data flow is not direct GitHub API access. Authentication and requests are brokered through Membrane, a third-party intermediary, which increases trust and credential-routing risk beyond a typical GitHub Actions integration. Overall this looks like a legitimate integration skill with medium security risk from proxy-based data flow and unpinned CLI execution, not confirmed malware.
Confidence: 85%
Severity: 56%
Audit Metadata