Semgrep
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill requires the global installation of a third-party CLI (@membranehq/cli) and routes all Semgrep API interactions, including the retrieval of sensitive findings and secrets, through an external proxy service (Membrane). While these actions are documented in SKILL.md and aligned with the stated purpose, the requirement for global shell execution and the redirection of security data to a third-party intermediary constitute high-risk behaviors that increase the attack surface and supply chain risk.
