teamgantt

Warn

Audited by Socket on Apr 3, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS. The skill’s capabilities mostly match its stated TeamGantt integration purpose, and the CLI install source appears to be the publisher’s official npm package. However, it routes API access and credential lifecycle through Membrane instead of directly to official TeamGantt endpoints, creating a third-party intermediary data flow that increases trust and privacy risk; the unpinned `npx @latest` usage adds minor supply-chain risk.

Confidence: 87%
Severity: 56%
Audit Metadata

Analyzed At: Apr 3, 2026, 10:21 AM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fteamgantt%2F@4f025e8aaf8af5eb00fb83ad035163359022087b