ukg-pro

SUSPICIOUS: The skill's stated purpose matches its capabilities, and the CLI comes from an official npm package, so this is not obviously malicious. However, UKG Pro authentication and HR data are funneled through Membrane-managed connections and proxy endpoints rather than direct UKG APIs, creating a notable third-party trust and data-flow risk that is broader than a plain UKG integration.