sourcegraph

SUSPICIOUS: the install path is reasonably trustworthy, but the skill's real function is to route Sourcegraph access through Membrane's managed service. That third-party credential and data brokerage is not fully aligned with a plain Sourcegraph integration and creates medium security risk despite low malware evidence.