jira

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill’s capabilities fit its Jira purpose, and the install path uses an official npm package rather than a raw download. However, all authentication and Jira access are mediated through Membrane’s third-party CLI/service instead of direct Atlassian APIs, creating moderate trust and data-flow risk; the unpinned `@latest` install and dynamic action creation add further caution.

Confidence: 84%
Severity: 57%
Audit Metadata
Analyzed At: Apr 28, 2026, 08:29 AM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fjira%2F@02967ef4750ab914e4423bc36bfe57ab1a1c19a9