input-validation-layer

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references Stripe-specific code and configuration: it shows a Stripe webhook schema, uses stripe.webhooks.constructEvent to verify webhook signatures, and validates an env var STRIPE_SECRET with a Stripe secret prefix ('sk_'). These are specific payment-gateway integrations (Stripe), not generic tooling, so it meets the criteria for Direct Financial Execution capability even though the examples focus on validation rather than initiating payments.