bigid

SUSPICIOUS. The skill's capabilities broadly match its stated BigID integration purpose, and the CLI install source is official npm rather than an unverifiable binary. However, the real data path is not direct BigID access: authentication, connections, and action execution are mediated by Membrane, so sensitive BigID operations and outputs may be exposed to that third-party service. This is coherent but higher-trust than the description implies, making it medium risk rather than benign.