sap-ariba

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill instructs running the Membrane CLI via runtime package fetch/execute (e.g., "npx @membranehq/cli@latest" / npm package https://registry.npmjs.org/@membranehq/cli), which downloads and executes remote code that the skill relies on to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is an integration with SAP Ariba — a procurement and spend-management platform. The documented domain objects include Purchase Order, Invoice, Contract, Spend Visibility and Supplier workflows, and the skill shows how to discover and run Membrane actions (including creating custom actions) against a connection. Those actions can be used to create/update purchase orders and invoices (i.e., initiate/alter financial commitments and supplier payment-related records). This is a purpose-built procurement/financial operations integration (not a generic browser or HTTP tool), so it provides explicit capability to perform financial-execution actions.

Issues (2)

  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 01:00 AM
Issues: 2