codemagic

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill is coherent as a Membrane-based Codemagic wrapper, and the CLI install source appears official, but its actual footprint relies on a third-party intermediary for authentication, action generation, and all API traffic instead of direct Codemagic APIs. That broader trust model and mutable global CLI install create medium risk, though there is no strong evidence of malware or hidden exfiltration.

Confidence: 87%
Severity: 58%

Audit Metadata

Analyzed At: Apr 30, 2026, 07:40 AM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fcodemagic%2F@ce682391d5a85e52a4e547244c18218feca4d233