sigma

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS: the skill's capabilities fit its stated Sigma-integration purpose, and the CLI comes from an official registry, so this is not outright malicious. However, it centralizes authentication, credential refresh, and API proxying through Membrane rather than talking directly to Sigma, creating medium trust and data-flow risk; the unpinned `@latest` CLI install adds supply-chain exposure.

Confidence: 88%
Severity: 57%

Audit Metadata

Analyzed At: Apr 30, 2026, 04:08 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fsigma%2F@ba91de2f3337ca860e27c9a612ae6e8ed5c08017
Security Audit — socket — sigma