progress-sitefinity

SUSPICIOUS. The skill's capabilities broadly match its stated Sitefinity integration purpose, and the install path uses an official npm package rather than an unverified binary. The main concern is data-flow integrity: Sitefinity credentials and API traffic are routed through Membrane's intermediary platform and proxy, which expands trust beyond the official Progress service. This is disclosed and coherent, so it is not malicious, but it is medium risk due to credential mediation and third-party request proxying.