workfront

SUSPICIOUS. The skill's capabilities largely match its stated Workfront integration purpose, and the CLI install path is from the official npm registry. However, all Workfront access is funneled through Membrane's third-party proxy/service instead of Adobe's native API path, so credentials and data are mediated by an additional vendor; this is documented and plausible, but it raises medium trust and data-flow risk rather than looking overtly malicious.