formstack

SUSPICIOUS: the skill’s purpose and capabilities are coherent, and the CLI comes from an official registry with same-product documentation, so this does not look malicious. However, it materially expands trust by routing Formstack authentication and data through Membrane’s third-party CLI/service instead of direct Formstack APIs, and it uses an unpinned external CLI with mutation capabilities.