saas-tenant-data-portability-and-erasure
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly references payment gateway operations: it names Stripe in the data-store inventory and erasure capability matrix and instructs the erasure cascade to "Stripe Customer marked deleted" and to use per-vendor delete APIs for processors like Stripe. It also documents treatment of financial records (invoices/payments) and retention windows. Because it specifically defines interactions with a payment gateway API (Stripe), it constitutes a tool designed to perform explicit actions against a payment processor and therefore meets the "Direct Financial Execution" criterion.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata