salesforce-dmp

SUSPICIOUS: the skill's stated Salesforce purpose is plausible, and its install path is mostly legitimate, but the actual data flow is centered on Membrane as a third-party intermediary for authentication, request proxying, and credential refresh. That proxy architecture is a meaningful trust expansion beyond a direct Salesforce integration, so the skill is not malicious on its face but carries medium security risk from credential mediation and routed data flows.