plan-approval
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes payment gateway functionality: multiple examples and templates for integrating Stripe (installing the Stripe SDK, creating a Stripe client, creating checkout sessions, webhook handlers, subscription management, migrations for subscription tables, and executing the payment/checkout flow). The plan execution flow shows executing those Stripe actions after user approval (e.g., "Implement checkout flow", "Add webhook handler", "Checkout session creation", "Stripe subscription billing complete", "Webhooks tested with Stripe CLI"). Because it contains specific, actionable payment gateway integration and execution steps (Stripe), this grants direct financial execution capability.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (2)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
W021
MEDIUMHidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
Audit Metadata