jack-henry

SUSPICIOUS: the skill's purpose and capabilities are broadly aligned, and the CLI comes from an official npm package, so this is not outright malicious. The main risk is data-flow integrity: Jack Henry access is routed through Membrane's third-party platform, which handles authentication and action execution for sensitive financial data rather than using Jack Henry's official API path directly.