assemblyai

SUSPICIOUS. The skill’s purpose and capabilities mostly align, and the CLI install source appears legitimate, but all AssemblyAI access and credentials are mediated through Membrane rather than the official API. That third-party proxy model is a material data-flow and credential-forwarding risk, though not enough to call the skill malicious.