mailcoach

SUSPICIOUS: the skill's Mailcoach purpose is plausible, and the Membrane CLI appears to be an official package, but the actual integration is mediated through Membrane's account, CLI, and proxy rather than direct Mailcoach APIs. That makes credential and data flow broader than necessary for a Mailcoach skill and introduces medium risk, especially with mutable `npx @latest` execution.