xero
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill calls the Membrane CLI at runtime (e.g., membrane connection ensure "https://xero.com"), and the service can return clientAction.agentInstructions — external, runtime-provided instructions that the agent may execute, so the https://xero.com connection flow is a runtime dependency that can directly control agent prompts.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a specific Xero integration for accounting and includes explicit actions to create and manage financial records and transactions. Notably it exposes actions such as "Create Bank Transaction (spend or receive money)" and "Payment", plus create/update invoice, purchase order, bank account and bank transaction operations. These are specific, finance-focused APIs (accounting/banking transaction creation) rather than generic tooling, and therefore constitute a direct financial execution capability.
Issues (2)
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata