braze

SUSPICIOUS: the skill is internally coherent and uses an official npm-published Membrane CLI, so it is not overtly malicious. However, its true function is to broker Braze access through Membrane, meaning credentials and Braze data are intentionally routed through a third-party platform, and it enables impactful actions like messaging and user deletion; this makes the skill medium risk despite a legitimate-looking install path.