gorgias

SUSPICIOUS. The skill is coherent as a Membrane-based Gorgias integration, and the CLI installer appears official via npm, so this is not confirmed malware. However, it materially expands trust by routing authentication, credentials, and Gorgias operations through Membrane rather than directly to official Gorgias endpoints, and it uses mutable `@latest` CLI execution. That makes the skill medium risk and somewhat disproportionate for a simple service integration.