threat-stack

SUSPICIOUS. The skill’s purpose is coherent, and its main dependency comes from an official registry in the same vendor ecosystem, so this is not overt malware. However, it routes Threat Stack authentication and data through Membrane as a third-party intermediary, expanding credential and data exposure beyond what a direct Threat Stack integration would require; combined with unpinned CLI execution, this makes the skill medium risk.