stripe

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running the Membrane CLI via "npm install -g @membranehq/cli@latest" (https://www.npmjs.com/package/@membranehq/cli), which fetches and installs remote code that is executed and relied upon at runtime to control the integration/agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated Stripe integration (a payment gateway). It explicitly exposes Stripe-specific actions and concepts — e.g., Payouts, Transfers, Payment Intents, Charges, Refunds, Create Payment Links, Get Balance, Update Subscriptions — and uses Membrane to run actions against a Stripe connection. Those actions are specifically designed to perform financial operations (including moving money via payouts/transfers and creating/refunding charges). This meets the "Direct Financial Execution" criteria.