ifood

SUSPICIOUS: The skill is internally consistent as a Membrane-based integration, and the CLI source appears legitimate via official npm. However, it materially changes the trust model by routing iFood authentication, credentials, and API traffic through Membrane's service and proxy instead of direct official iFood API access. Combined with unpinned @latest CLI execution, this makes it medium-risk and suspicious rather than benign.