jira

SUSPICIOUS. The skill's capabilities fit its Jira-management purpose and the CLI install path appears same-org and official, so this is not outright malicious. However, it routes Jira authentication and API activity through Membrane as a third-party intermediary, uses an unpinned global CLI install, and enables destructive Jira actions; those factors make the trust and data-flow footprint meaningfully riskier than a direct official Atlassian integration.