marqeta
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill instructs running npx @membranehq/cli@latest (e.g., "npx @membranehq/cli@latest action list ..."), which fetches and executes remote package code from the npm registry at runtime. Because the skill depends on the Membrane CLI for operation, this is a runtime external dependency that executes remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). Marqeta is a payment/card-issuing platform and the skill explicitly exposes domain-specific objects and operations: Card, Funding Source (Program Funding Source), Transaction, Program, Offer, Webhook. The skill uses Membrane to discover and run concrete Marqeta actions (membrane action run ... --input '{"..."}'), and Membrane manages auth so the agent can invoke API calls that create/manage cards, funding sources, and transactions. This is not a generic browser or HTTP tool — it is a specific integration with a payments API and therefore grants direct financial execution capabilities.
Issues (2)
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata