payment-async-flow

Warn

Audited by Snyk on Jun 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about implementing a payment connector: it contains concrete APIs and examples that create and authorize payments (e.g., acquirer.createPixCharge, acquirer.initiateAsyncPayment, acquirer.authorizeSyncPayment, psp.createOrder), handle acquirer webhooks, and send status updates (approved/denied) back to the Gateway. These are specific financial-operation functions (creating charges/authorizations, managing payment lifecycle), not generic tooling — so it grants Direct Financial Execution authority.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 01:05 AM
Issues
1
Security Audit — snyk — payment-async-flow