payment-async-flow
Warn
Audited by Snyk on Jun 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about implementing a payment connector: it contains concrete APIs and examples that create and authorize payments (e.g., acquirer.createPixCharge, acquirer.initiateAsyncPayment, acquirer.authorizeSyncPayment, psp.createOrder), handle acquirer webhooks, and send status updates (approved/denied) back to the Gateway. These are specific financial-operation functions (creating charges/authorizations, managing payment lifecycle), not generic tooling — so it grants Direct Financial Execution authority.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata