saas-tenant-data-portability-and-erasure

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly references payment gateway operations: it names Stripe in the data-store inventory and erasure capability matrix and instructs the erasure cascade to "Stripe Customer marked deleted" and to use per-vendor delete APIs for processors like Stripe. It also documents treatment of financial records (invoices/payments) and retention windows. Because it specifically defines interactions with a payment gateway API (Stripe), it constitutes a tool designed to perform explicit actions against a payment processor and therefore meets the "Direct Financial Execution" criterion.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 03:45 PM
Issues
1
Security Audit — snyk — saas-tenant-data-portability-and-erasure