shopify-admin-refund-and-reorder

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform irreversible payment operations: it includes a refundCreate GraphQL mutation (Step 2) that processes refunds (payment mutations) and reports refunded amounts/IDs, requires write_orders scope, and warns that refundCreate cannot be undone. These are direct financial execution actions (sending money back to customers). Creating replacement draft orders is ancillary but the presence of the refund mutation makes this a tool to move/manage money.