saleor-development

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's runtime setup instructs cloning and running code from an external Git repository (git clone https://github.com/saleor/saleor-platform.git followed by docker compose up), which fetches remote code that is then executed locally, so it is a runtime external dependency capable of executing code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates payment processing into its workflow: prerequisites list a Stripe account and API keys, and the docs show completing checkout with a payment gateway token (e.g., from Stripe Elements) via the CheckoutComplete GraphQL mutation (paymentData). This is a specific, built-in mechanism to submit payment information and finalize orders (i.e., move money through a payment gateway), not just a generic API or browser automation example. Therefore it meets the "Payment Gateways" criterion for Direct Financial Execution.