instana

SUSPICIOUS. The skill is not overtly malicious and uses an official, documented Membrane CLI from npm, but it shifts Instana authentication and API traffic through Membrane as a third-party intermediary instead of direct Instana endpoints. That trust expansion is disclosed and plausibly part of the product, yet it creates medium security risk and weaker data-flow integrity for a skill presented as an Instana integration.