checkout-customization

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about Shopify checkout customization and includes APIs that directly modify checkout/orders and affect charges. Examples: calculateChangeset and applyChangeset (used to add a variant to an order/post-purchase upsell), useTotalAmount and useCartLines (expose amounts), extension targets for payment-method rendering, and useApi.sessionToken for authenticated backend calls. These are specific commerce/payment-related APIs (not generic browser or HTTP tooling) and can change what a customer is charged. Under the core rule, this is a specific financial/checkout integration that grants the agent the ability to execute order/checkout changes that directly affect payments.