graphcms

SUSPICIOUS: The skill's capabilities broadly match its stated GraphCMS purpose and its install path uses the official npm registry, so this is not overtly malicious. However, it routes GraphCMS/Hygraph access and authentication through Membrane as an intermediary, creating meaningful third-party data-flow and credential-trust risk that is not strictly necessary for a CMS integration.