paypal-integration

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes a client-side script tag that loads and executes remote JavaScript at runtime from https://www.paypal.com/sdk/js?client-id=YOUR_CLIENT_ID&currency=USD, which the frontend relies on to render and operate the PayPal Smart Buttons (i.e., it executes remote code and is a required runtime dependency).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a PayPal payment integration. It includes concrete API calls and functions to create and capture orders, issue refunds, manage subscriptions/recurring billing, and perform payouts (send money). Those are specific payment gateway operations (PayPal REST endpoints) whose primary purpose is moving funds, so this grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:33 PM