insites

SUSPICIOUS: the skill's capabilities broadly match its stated Insites-integration purpose and the CLI comes from an official npm package, but the design routes authentication and all data operations through Membrane rather than directly to Insites. That third-party credential/data mediation plus unpinned CLI installation and support for destructive actions make this medium risk despite being internally coherent.