sendpulse

SUSPICIOUS: the skill’s stated purpose matches its capabilities, and the CLI install source appears legitimate, but it routes SendPulse authentication and API traffic through Membrane rather than directly to official SendPulse endpoints. That intermediary credential/data flow is a meaningful trust expansion, so this is not malicious but carries medium security risk.