power-automate

SUSPICIOUS: The skill’s capabilities broadly match its stated Power Automate integration purpose, and the CLI install path is an official npm-based distribution rather than an obvious malware lure. However, the core design routes authentication and API traffic through Membrane as an intermediary, expanding trust and exposing credentials/data to a third-party platform; combined with an unpinned `npx @latest` example and broad proxy access, this creates medium security risk despite no clear evidence of malicious intent.