gathercontent

SUSPICIOUS. The skill's overall purpose is coherent, but its actual data flow is mediated by Membrane rather than direct GatherContent APIs. That intermediary model means credentials and content data are handled server-side by a third party, which is a meaningful trust and privacy expansion beyond a typical direct integration. Install risk is modest because the CLI comes from npm, but the proxy-based architecture keeps overall risk in the medium range.