section

SUSPICIOUS. The install path is relatively benign and same-vendor via npm, but the skill's core design routes Section authentication and API traffic through Membrane as an intermediary rather than directly to official Section endpoints. That third-party credential handling and proxying are significant data-flow and trust-boundary concerns, even though they are openly disclosed.