pushpay

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running the Membrane CLI (npm package @membranehq/cli, e.g. "npm install -g @membranehq/cli" / "npx @membranehq/cli@latest"), which fetches remote code from the npm registry and executes it at runtime, so this external dependency executes remote code that the skill relies on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a Pushpay integration (a donor/payment platform) exposing domain-specific entities like Donations, Transactions, Refunds, Payment Methods, Bank Accounts, Cards, Batches, etc. It instructs use of the Membrane CLI to run connector actions (membrane action run) and to proxy arbitrary Pushpay API requests (membrane request) with HTTP methods including POST/PUT/DELETE. Those capabilities are explicitly for creating/updating/refunding donations and managing payment methods/accounts — i.e., moving or changing money-related state. This is a specific financial integration (not a generic tool), so it provides direct financial execution capability.