leadgenius

SUSPICIOUS. The skill's purpose and capabilities mostly align, and the CLI comes from an official npm package rather than an opaque binary. However, the integration is not a direct LeadGenius client: it requires trusting Membrane as an intermediary for authentication, credential storage, token refresh, and API proxying. That third-party mediation and mutable @latest installs raise medium security risk, though there is not enough evidence of malware or clear malicious intent.