sql-injection-prevention

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes an explicit transferFunds implementation that debits one account, credits another, and records a transaction in the database. Although the overall doc is about SQL-injection prevention, this function is a direct database-level funds-transfer routine (i.e., code to move money between accounts). That constitutes explicit financial execution capability, even if it is not integrated with external payment gateways.