cybersource

SUSPICIOUS: the skill's purpose and capabilities mostly align, and the installer appears to be an official same-org npm package rather than an unverifiable payload. However, the integration routes CyberSource access through Membrane-managed auth and proxy services instead of direct official CyberSource API use, creating a meaningful third-party trust and data-flow risk for payment-related operations.