fountain

SUSPICIOUS: the skill is coherent as a Membrane-based Fountain integration and uses an official npm-published CLI, so it is not malware-like. However, it routes authentication and API access through Membrane rather than directly to Fountain, and it uses mutable @latest installs; that intermediary data flow and trust concentration make the skill medium risk rather than benign.