payment-provider-framework
Warn
Audited by Snyk on Jun 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). Yes. This skill is explicitly designed to implement payment connectors and direct interactions with payment service providers: it defines Create Payment (authorize) flows, Capture/Capture (settle), Cancel, and Refund operations, uses SecureExternalClient / ExternalClient to send payment/authorization requests to PSP endpoints, requires outbound-access policies for PSP hosts, and maps affiliation headers to PSP API credentials. Those are specific payment-gateway / PSP integration capabilities (sending transactions, captures, refunds, and handling card authorization), i.e., direct financial execution.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata