bloomerang-api

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a specific CRM API for donor management that includes explicit financial endpoints and scopes: e.g., POST /transaction (create a gift/transaction), PUT/DELETE /transaction/{id}, pledge write-offs (POST /pledge/{id}/writeOff), and refund-related endpoints. The auth scopes include StandardEditFinancialData. These are explicit capabilities to create, modify, and manage financial transaction records (i.e., "send transaction"/edit financial data), not just generic APIs or browser automation.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 11:19 AM