documerge

SUSPICIOUS: the skill is coherent and likely legitimate, but it proxies Documerge access through Membrane-managed infrastructure and asks the agent to install and trust a third-party CLI with mutable @latest versions. This is not clearly malicious, yet the intermediary credential/data flow and unpinned CLI execution create meaningful medium risk.