plan-approval

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes payment gateway functionality: multiple examples and templates for integrating Stripe (installing the Stripe SDK, creating a Stripe client, creating checkout sessions, webhook handlers, subscription management, migrations for subscription tables, and executing the payment/checkout flow). The plan execution flow shows executing those Stripe actions after user approval (e.g., "Implement checkout flow", "Add webhook handler", "Checkout session creation", "Stripe subscription billing complete", "Webhooks tested with Stripe CLI"). Because it contains specific, actionable payment gateway integration and execution steps (Stripe), this grants direct financial execution capability.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (2)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 12:59 PM
Issues
2
Security Audit — snyk — plan-approval