customgpt

SUSPICIOUS. The skill’s capabilities fit its stated purpose, and the install source is a legitimate official npm package rather than an unverifiable binary. However, it routes authentication and all CustomGPT operations through Membrane as a third-party intermediary, which expands trust and gives that service access to credentials and data; this is disclosed and somewhat proportionate, but weaker than a direct official CustomGPT integration.