sage-300

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running the external Membrane CLI via "npm install -g @membranehq/cli@latest", which fetches and executes remote code that the skill relies on at runtime (so remote content can directly control execution).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a specific integration with Sage 300—an ERP that exposes explicit finance/payment objects (Payment, Deposit, Transfer, Bank, Invoice, Bill, Journal Entry, Receipt, Reconciliation, etc.). It uses the Membrane connector to discover and run actions against Sage 300 (membrane action run), which can create or modify those financial records. Because it directly targets an accounting system and its payment/bank/transaction entities (not a generic web/browser tool or generic HTTP caller), it provides the explicit capability to execute financial operations and thus constitutes direct financial execution authority.