azure-ai-vision

SUSPICIOUS. The skill is internally coherent and not overtly malicious, but it routes Azure AI Vision access and authentication through Membrane rather than directly to Azure. Because this third-party mediation is central to the skill, disclosed, and supported by the vendor's docs, this looks like a managed integration pattern rather than credential theft; still, the extra trust boundary and unpinned CLI install make it medium risk.