saas-control-plane-engineering
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly integrates with a payment gateway (Stripe): it instructs creating Stripe customers and trial subscriptions in the onboarding saga, maintains a billing-customer mirror with stripe_customer_id and stripe_subscription_id, describes webhook ingest/reconciliation of Stripe state, and lists admin actions like issuing billing adjustments (refund, credit, plan override). These are specific payment-related operations (create customers/subscriptions, perform refunds/credits), i.e. direct financial execution capabilities.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata