sorry

Warn

Audited by Snyk on Apr 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill requires fetching and running the Membrane CLI at runtime via commands like "npx @membranehq/cli@latest" / "npm install -g @membranehq/cli@latest" (npm package: https://www.npmjs.com/package/@membranehq/cli), which downloads and executes remote code and is relied upon to discover/run actions, so it is a runtime external dependency that can execute code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). Yes. The skill is explicitly for "manag[ing] and automating customer refunds and compensation" — i.e., issuing monetary refunds/compensation. Through the Membrane CLI it can discover and run connection-specific actions (membrane action run ...) against the Sorry integration, which is the explicit integration for refund/compensation workflows. Even though no specific payment provider (Stripe/PayPal) is named, the primary purpose of the integration is moving money (refunds/compensation), so it grants direct financial execution capability.

Issues (2)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 30, 2026, 12:07 AM
Issues
2
Security Audit — snyk — sorry