payload-cms

SUSPICIOUS. The skill’s capabilities broadly match its stated purpose, and the install path uses an official npm package rather than an unknown downloader. However, the core integration depends on routing authentication and API traffic through Membrane instead of talking directly to Payload CMS, creating a third-party credential and data handling trust boundary. Risk is medium due to intermediary data flow and mutable CLI installs, not clear malware.