business-logic-testing

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly focused on manipulating payment-related endpoints and withdrawal flows. It includes concrete API calls and payloads for purchase/checkout (/api/purchase, /api/checkout), order state changes (PATCH /api/order/123), and withdrawal abuse ("提现漏洞", "withdrawal vulnerability", with amount fields). It provides code examples that send POST requests to perform purchases and withdrawals (including negative amounts to increase balance). These are specific, actionable instructions to execute or abuse financial transactions rather than generic tooling or testing guidance. Therefore it contains direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:58 AM