lattice

SUSPICIOUS. The skill's core purpose is coherent, and the CLI install source appears to be an official Membrane npm package rather than an unknown payload. However, all Lattice access is mediated through Membrane's third-party service and proxy layer, so credentials and business data do not flow directly to Lattice. That indirect data path is openly documented and may be legitimate for this platform, but it materially increases trust and privacy risk compared with a direct official API integration.