flagsmith

SUSPICIOUS: The skill’s install path is mostly legitimate, but its actual footprint is a Membrane integration that intermediates Flagsmith authentication and API traffic through Membrane services. That third-party credential/data routing is disproportionate to a plain Flagsmith skill and creates medium security risk even without clear malicious intent.