comeet

SUSPICIOUS: The skill is internally coherent as a Membrane-based Comeet integration and uses an official-looking npm package, so it is not overtly malicious. Risk comes from routing sensitive recruiting data and auth through Membrane instead of direct Comeet APIs, plus an unpinned global CLI install and expanded third-party trust boundary.