exa-known-pitfalls

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about integrating with a payment-like API (Exa) and includes concrete, payment-specific operations: exaClient.processPayment, exaClient.charge(order), a /checkout handler that processes payments, and guidance about idempotency to avoid duplicate charges and webhook signature verification. These are not generic automation or HTTP examples — they are specifically designed to move money or execute financial transactions. Therefore it grants Direct Financial Execution Authority.