sorry
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill requires fetching and running the Membrane CLI at runtime via commands like "npx @membranehq/cli@latest" / "npm install -g @membranehq/cli@latest" (npm package: https://www.npmjs.com/package/@membranehq/cli), which downloads and executes remote code and is relied upon to discover/run actions, so it is a runtime external dependency that can execute code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). Yes. The skill is explicitly for "manag[ing] and automating customer refunds and compensation" — i.e., issuing monetary refunds/compensation. Through the Membrane CLI it can discover and run connection-specific actions (membrane action run ...) against the Sorry integration, which is the explicit integration for refund/compensation workflows. Even though no specific payment provider (Stripe/PayPal) is named, the primary purpose of the integration is moving money (refunds/compensation), so it grants direct financial execution capability.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata