jack-henry

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running the external Membrane CLI (via "npm install -g @membranehq/cli@latest" / "npx @membranehq/cli@latest"), which fetches and executes remote code at runtime and is relied on to perform actions, so it represents a runtime external dependency that can execute code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is an explicit Jack Henry banking integration (core banking + payment processing) and lists financial execution entities such as "ACH Transfer" and "Wire Transfer". It uses Membrane actions to connect and run connector operations against Jack Henry (e.g., action run), which can perform account and transfer operations. Because the skill is specifically designed to interact with a bank/payment provider and includes transfer/payment-related actions, it meets the "Direct Financial Execution" criteria.