axiom-audit-iap

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on in-app purchase (IAP) flows and StoreKit APIs: it hunts for and handles calls like Product.purchase(), Transaction.updates, await transaction.finish(), AppStore.sync(), appAccountToken usage, verification and server-side receipt validation. These are specific, payment-related APIs for initiating and finalizing purchases and managing entitlements — not generic tooling. Because the skill is specifically designed around financial transaction APIs (IAP/payment lifecycle), it constitutes Direct Financial Execution capability.