github

The GitHub integration skill presents a coherent and proportionate footprint for its stated purpose: enabling GitHub data operations through Membrane with credentials managed server-side and API calls routed via Membrane's proxy. The install source is a legitimate registry, and no direct credential handling or unverified binaries appear in the documented flow. Data flows align with expected patterns for a managed integration, and permissions appear bounded to GitHub actions via the Membrane proxy. Overall, the skill is benign with respect to security risk, though continued monitoring of credential handling and proxy trust is advisable.