adyen

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running/installs of the Membrane CLI (e.g., npm install -g @membranehq/cli@latest and npx @membranehq/cli@latest), which will fetch and execute remote code from the npm registry (https://registry.npmjs.org/@membranehq/cli) and is a required runtime dependency for the skill to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an Adyen integration—a payment platform—exposing payment-related domains (Payment, Session, Checkout Configuration, Terminal, Billing Event, Refund) and instructing use of Membrane actions to connect and run Adyen operations (including "Refund" and terminal/checkout actions). This is a purpose-built payment integration (not a generic browser or HTTP tool) and thus can directly invoke payment/refund/terminal APIs to move money. Therefore it grants direct financial execution capability.