nabla

SUSPICIOUS: The skill’s capabilities mostly match its purpose, and the install path uses an official npm package rather than an unverifiable binary. The main issue is data-flow integrity: Nabla access is routed through Membrane as a third-party intermediary that handles authentication and proxy requests, which is a notable trust expansion for sensitive healthcare data. Combined with unpinned `npx @latest`, this makes the skill medium risk rather than benign.