preflight

SUSPICIOUS: the skill’s general purpose and required capabilities are coherent, and the CLI install path is official npm-based rather than an unverifiable binary. However, the core integration routes PreFlight access and authentication through Membrane as an intermediary, so user data and connected account operations do not flow directly to PreFlight. That third-party mediation is disclosed and plausibly part of the vendor’s platform, which keeps this below malicious, but it creates medium security risk and data-flow integrity concerns for a skill presented as a PreFlight integration.