sparkpost
Warn
Audited by Socket on Mar 17, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill’s capabilities broadly match its stated SparkPost purpose, and installation uses an official npm package rather than an unverifiable binary. However, all SparkPost access is funneled through Membrane’s CLI/service and proxy, so credentials and data are entrusted to a third-party intermediary instead of flowing directly to SparkPost. That makes the skill internally coherent but medium-risk due to expanded trust and indirect data flow.
Confidence: 87%
Severity: 54%