psigen-software

SUSPICIOUS. The skill is largely coherent with its stated PSIGEN integration purpose and uses an official same-brand CLI from npm, so this is not strongly indicative of malware. However, all authentication, credential storage/refresh, and API traffic are funneled through Membrane as a third-party intermediary instead of directly to PSIGEN, which raises medium trust and data-flow risk; the unpinned `@latest` CLI install adds supply-chain risk.