peoplehr

SUSPICIOUS: the skill's stated PeopleHR purpose is plausible, and the Membrane CLI install path is official-looking, but the actual data flow routes authentication and HR records through Membrane rather than directly to PeopleHR. That third-party gateway model, combined with dynamic remote action creation and unpinned CLI installation, makes this a medium-risk skill rather than a benign direct API integration.