payment-rails

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running the Membrane CLI (npm install -g @membranehq/cli@latest — https://www.npmjs.com/package/@membranehq/cli), which fetches and executes remote code and is relied on at runtime to run actions, so it is a runtime external dependency that can execute code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly an integration with Payment Rails (Trolley), a payout platform whose primary purpose is sending money to individuals and businesses (recipients, payments, batches, quotes). The prompt describes creating and running actions (via the Membrane CLI) against the Payment Rails connector, including building custom actions and passing JSON inputs to "action run" — functionality that would be used to create/send payouts and manage outgoing payments. This is a specific financial execution tool (payouts), not a generic interface, so it grants direct financial execution capability.