aci-payon

Warn

Audited by Socket on Mar 4, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This document is a usage README for an ACI PAY.ON integration that delegates authentication and API proxying to the Membrane service via an official CLI. I found no code or instructions that directly exfiltrate local secrets, spawn shells, or perform download-and-execute from untrusted domains (no curl|bash patterns). The primary risks are supply-chain and data-centralization: installing a global CLI from npm and routing all requests and credentials through Membrane means users must trust Membrane with sensitive payment data. There is moderate security risk due to third-party custody of credentials and the use of unpinned/@latest examples; otherwise the instructions are coherent with the skill's stated purpose and do not contain obvious malicious behavior.

Confidence: 80%
Severity: 75%

Audit Metadata

Analyzed At: Mar 4, 2026, 08:57 AM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Faci-payon%2F@7f564c157c13f435e55a0b5df182b3e8f3697e20