tripetto

SUSPICIOUS: the skill is broadly coherent with its stated purpose, but it requires trusting Membrane as an intermediary for Tripetto credentials and data, and it installs an unpinned external CLI from npm. This is not overtly malicious, but the third-party credential/data routing and mutable install path make it higher risk than a direct official Tripetto integration.