r3

Warn

Audited by Snyk on May 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill relies on the Membrane CLI, which the instructions fetch and run at runtime (e.g., "npx @membranehq/cli@latest" or "npm install -g @membranehq/cli@latest", pulling from the npm registry at https://registry.npmjs.org/@membranehq/cli), so remote package code is downloaded and executed, and the skill cannot operate without it.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly exposes payment and banking capabilities, not just generic actions. The R3 schema and example actions include Payment, Invoice Payment, Payment Refund, Credit Card Charge/Credit Card Refund, Retainer Payment, Trust Transaction/Trust Request Payment, Deposit, Settlement, Reconciliation, Firm Bank Account/Firm Credit Card, Xero Payment, QuickBooks integrations, and even a "Plaid Connection" and "Lawpay" (a payment gateway). The Membrane CLI workflow shows running actions (membrane action run ...), which would be used to trigger those concrete payment/banking operations. These are specific financial execution primitives (bank/payment gateway integrations, charges and refunds), so this skill grants Direct Financial Execution Authority.

Issues (2)

W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 2, 2026, 12:02 PM
Issues: 2