infisical

SUSPICIOUS. The install source appears legitimate, but the skill’s real footprint is an Infisical-via-Membrane proxy workflow: users must trust and authenticate to Membrane, which stores and refreshes credentials and mediates all access to Infisical data. That third-party credential and secret handling is broader than the stated Infisical purpose and creates medium-high security risk despite not showing confirmed malware.