cc-payment-callback-safety

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on payment gateway handling (WeChat Pay v3, Alipay, Stripe Webhooks, PayPal IPN) and contains concrete, payment-specific operations: verifying platform signatures, decrypting webhook payloads, querying payment orders (queryWechatOrder), and calling processPayment/reconcile logic that marks orders as paid. This is not a generic tooling guide — it’s specifically about handling and acting on third‑party payment notifications and reconciliation, which constitutes direct financial execution authority in the sense of confirming/updating payment state via payment-platform integrations.