zitadel

SUSPICIOUS. The skill is largely coherent with its stated ZITADEL integration purpose and uses a normal npm-distributed CLI, so it is not overtly malicious. However, it routes ZITADEL access and authentication through Membrane as a third-party intermediary, which creates meaningful data-flow and trust-boundary risk that is broader than a direct official API integration.