medusa-commerce

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated Medusa Commerce integration (an e‑commerce platform) and explicitly exposes commerce entities such as Order, Payment Provider, Gift Card, Price List, Currency, Region, etc. It instructs using the Membrane CLI to list and run pre-built actions and to proxy arbitrary requests to the Medusa API (including POST/PUT/PATCH/DELETE) with injected authentication. Those capabilities let an agent invoke payment‑related actions (create charges/refunds, manage payment providers or gift cards, modify orders/prices) via specific endpoints — not just generic browsing or HTTP tooling. Because it is explicitly designed to operate on commerce/payment objects and provides authenticated action/proxy mechanisms to perform transactional operations, it constitutes direct financial execution authority.