release

SUSPICIOUS: The skill is coherent as a Membrane integration, but it relies on a third-party intermediary to handle authentication and API access for Release rather than using clearly verified official target-service endpoints directly. The npm install path is standard and not overtly malicious, yet the combination of @latest global CLI install, unclear official command verification, server-side credential handling by Membrane, and remotely created actions makes the trust model broader than the skill description suggests.