stripe-payment-links

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires fetching and running the Membrane CLI at runtime (npm install -g @membranehq/cli@latest and npx @membranehq/cli@latest), which downloads and executes remote package code that the skill depends on, so this is a high-confidence execution risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an explicit integration with Stripe Payment Links (a payment gateway) and documents how to connect to Stripe, discover and run pre-built actions, and create/manage payment link resources (products, prices, line items). It uses Membrane CLI to perform authenticated operations against the Stripe connector (connect, action list, action run, action create), which enables creating payment links and related payment resources — i.e., executing payment-related operations. This is a specific financial execution capability, not a generic tool.