elopage

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires the Membrane CLI to be installed and used at runtime (npm install -g @membranehq/cli@latest — e.g. https://www.npmjs.com/package/@membranehq/cli), which fetches and executes remote code and is a required runtime dependency for controlling actions, so it presents an execution risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill integrates with Elopage, an e-commerce/payment platform, and exposes explicit payment-related actions (e.g., "Refund Payment", "Get Payment", "Get Transfer", "Payout", "Invoice", "Create Order") and mentions payment processing and automated invoicing. These are specific financial operations (including refunding payments and handling payouts/transfers), not generic tooling, so the skill grants direct financial execution capability.