harness

SUSPICIOUS. The skill's purpose and commands are internally coherent, and the CLI comes from an official npm package rather than an obviously malicious installer. However, the integration routes authentication, credential refresh, and Harness API traffic through Membrane as a third-party intermediary instead of direct first-party Harness access, which raises medium trust and data-flow risk for sensitive DevOps data.