zitadel

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the install source is an official npm package rather than an unknown binary. However, it routes ZITADEL access through Membrane’s third-party CLI/platform instead of direct official ZITADEL APIs, creating moderate credential and data-flow trust risk; use is coherent but not low-risk.