promptmateio

SUSPICIOUS: the skill is mostly coherent with its stated Promptmate.io integration purpose, and the Membrane CLI appears to be an official same-org dependency from npm. However, data access is routed through Membrane as an intermediary, Promptmate.io’s official API behavior is not independently documented here, and the generic proxy/fallback model plus unpinned `@latest` CLI usage increase trust and data-flow risk. This looks more like a high-trust brokered integration than outright malicious behavior.