saas-control-plane-engineering

Warn

Audited by Snyk on May 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly integrates with a payment gateway (Stripe): it instructs creating Stripe customers and trial subscriptions in the onboarding saga, maintains a billing-customer mirror with stripe_customer_id and stripe_subscription_id, describes webhook ingest/reconciliation of Stripe state, and lists admin actions like issuing billing adjustments (refund, credit, plan override). These are specific payment-related operations (create customers/subscriptions, perform refunds/credits), i.e. direct financial execution capabilities.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 11:15 AM
Issues
1
Security Audit — snyk — saas-control-plane-engineering