coterie-insurance

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running the Membrane CLI (installed via "npm install -g @membranehq/cli@latest" — https://www.npmjs.com/package/@membranehq/cli), which fetches and executes remote code and is relied on at runtime to run actions, so this external package is a runtime dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an integration for Coterie Insurance (not a generic browser or HTTP tool) and explicitly surfaces Billing and Payment Method functionality and policy binding (which commonly involves charging/creating payment methods). It uses Membrane actions to discover and run connector-specific actions (including likely billing/payment actions). Because this is a domain-specific integration that can include explicit payment-related operations (manage payment methods, bind/issue policies), it grants direct financial execution capability.