applicantstack

SUSPICIOUS: The skill's purpose and capabilities are broadly aligned, and the CLI comes from an official npm package rather than an unverifiable binary. However, all ApplicantStack access is mediated through Membrane's hosted platform instead of direct official API calls, creating a third-party data and credential trust boundary; combined with mutable `@latest` installs, this makes the skill moderately risky rather than benign.