paypal-integration

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The frontend example loads and executes remote JavaScript at runtime from https://www.paypal.com/sdk/js?client-id=YOUR_CLIENT_ID&currency=USD to render Smart Payment Buttons, so this external URL runs remote code and is a required runtime dependency for the client-side flow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to integrate with PayPal payment APIs. It contains concrete, actionable functions and endpoints to create and capture orders, process refunds, create subscriptions/recurring billing, and perform payouts (e.g., PayPalClient.create_order, capture_order, create_refund, create_subscription, PayPal Payouts). These are payment gateway operations that can move money and manage transactions — not generic tooling. Therefore it grants direct financial execution capability.