shortcut

SUSPICIOUS: the core capability fits project-management automation, and the CLI install path is reasonably legitimate, but the skill is not a direct Shortcut integration. It requires trust in Membrane as an intermediary for authentication, data access, and action execution, which expands credential and data exposure beyond what the title suggests. Main risk is third-party credential/data routing, not confirmed malware.