prisma

SUSPICIOUS. The skill is mostly coherent as a Prisma-via-Membrane integration guide, and its install path uses a plausible official npm package rather than an unverifiable binary. However, its true footprint is broader than a normal Prisma skill because all access, authentication, and proxy requests are funneled through Membrane instead of Prisma directly, creating intermediary credential and data-flow trust. This is not confirmed malware, but it carries medium security risk due to third-party credential handling, proxying of application data, and mutable CLI execution examples.