cognite

SUSPICIOUS: The skill’s purpose and capabilities are mostly coherent, and the CLI comes from an official registry tied to the stated publisher. The main risk is data-flow integrity: all Cognite access is mediated through Membrane, a third-party platform, including generic proxy requests. That intermediary model is not inherently malicious, but it expands trust and credential exposure beyond direct Cognite API use, and mutable `@latest` installs add moderate supply-chain risk.