bloomreach

SUSPICIOUS. The skill’s purpose is coherent, and the CLI source appears legitimate, but the actual integration path routes BloomReach authentication and API traffic through Membrane’s intermediary platform rather than directly to official BloomReach APIs. That creates medium risk from third-party credential and data handling, though there is no clear evidence of malware or covert exfiltration.