reconciliation-patterns

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly Stripe-specific: it instantiates Stripe's SDK with a secret key (new Stripe(process.env.STRIPE_SECRET_KEY!)) and calls the API directly. Observed capabilities: listing subscriptions; retrieving customers, including expanded subscription data; fetching and replaying Stripe events; and handling payment-related webhook events (e.g., invoice.paid, customer.subscription.updated). These are specific payment-gateway integrations intended to manage subscription and payment state, not generic tooling, so the skill qualifies as holding direct financial execution authority.
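As an added illustration (not part of the Snyk report, not Snyk's W009 detector, and not the skill's own code), the triage pass below shows how a reviewer can reproduce the substance of this finding from source: which Stripe SDK surface a file touches, whether the client is built on a secret key, and whether any call can change billing state rather than only read it. The regex patterns, the read/write classification, the MEDIUM/HIGH ladder and both sample sources are assumptions constructed for the example; the samples are modelled on the capabilities listed above.

```javascript
// Added example: static triage of a skill's source for Stripe money-access capability.
// Not Snyk's scanner and not the audited skill's code; patterns and risk ladder are
// assumptions made for this illustration.

// Stripe SDK constructed from a secret-key environment variable. Also matches the
// TypeScript non-null form `process.env.STRIPE_SECRET_KEY!`.
const SECRET_KEY_FROM_ENV_RE =
  /new\s+Stripe\s*\(\s*process\.env\.[A-Z0-9_]*SECRET[A-Z0-9_]*\s*!?\s*[,)]/;
// A secret key pasted into source (sk_live_/sk_test_): worse than reading it from env.
const HARDCODED_SECRET_RE = /['"]sk_(?:live|test)_[A-Za-z0-9]+['"]/;
// `stripe.<resource>.<method>(` calls made through the SDK client.
const SDK_CALL_RE = /\bstripe\.([A-Za-z]+)\.([A-Za-z]+)\s*\(/g;
// Quoted Stripe event names (e.g. 'invoice.paid') used in webhook or replay handlers.
const EVENT_NAME_RE =
  /['"]((?:invoice|customer|payment_intent|charge|checkout)\.[a-z_.]+)['"]/g;

// SDK methods assumed to create, change or settle billing state. Anything else
// (list, retrieve, search) is treated as read access to payment data.
const WRITE_METHODS = new Set([
  'create', 'update', 'del', 'cancel', 'capture', 'confirm', 'pay', 'void',
  'refund', 'finalizeInvoice', 'sendInvoice',
]);

function analyzeStripeSource(src) {
  const calls = [...src.matchAll(SDK_CALL_RE)].map((m) => ({
    resource: m[1],
    method: m[2],
    write: WRITE_METHODS.has(m[2]),
  }));
  const events = [...new Set([...src.matchAll(EVENT_NAME_RE)].map((m) => m[1]))];
  const secretKeyFromEnv = SECRET_KEY_FROM_ENV_RE.test(src);
  const hardcodedSecret = HARDCODED_SECRET_RE.test(src);
  const writeCalls = calls.filter((c) => c.write);

  // Assumed risk ladder: any secret-key SDK use, SDK call or webhook handling is at
  // least MEDIUM (read access to billing data plus whatever the key itself allows);
  // a call that can move or settle money, or a key pasted into source, is HIGH.
  let level = 'NONE';
  if (secretKeyFromEnv || hardcodedSecret || calls.length > 0 || events.length > 0) {
    level = writeCalls.length > 0 || hardcodedSecret ? 'HIGH' : 'MEDIUM';
  }
  return { secretKeyFromEnv, hardcodedSecret, calls, events, writeCalls, level };
}

// Constructed sample modelled on the audited capabilities: subscription and customer
// reads, event fetch/replay and webhook-event dispatch, all on a secret key.
const READ_ONLY_SKILL = `
import Stripe from 'stripe';
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!);

export async function customerState(customerId) {
  const subs = await stripe.subscriptions.list({ customer: customerId, status: 'all' });
  const cust = await stripe.customers.retrieve(customerId, { expand: ['subscriptions'] });
  return { subs, cust };
}

export async function replayEvent(eventId) {
  const evt = await stripe.events.retrieve(eventId);
  if (evt.type === 'invoice.paid') return onInvoicePaid(evt);
  if (evt.type === 'customer.subscription.updated') return onSubscriptionUpdated(evt);
}
`;

// Constructed variant that additionally issues a refund: a write call that moves money.
const REFUNDING_SKILL = READ_ONLY_SKILL + `
export async function refundLatest(chargeId) {
  return stripe.refunds.create({ charge: chargeId });
}
`;

for (const [name, src] of [['read-only', READ_ONLY_SKILL], ['refunding', REFUNDING_SKILL]]) {
  const r = analyzeStripeSource(src);
  console.log(
    `${name}: ${r.level}; calls=${r.calls.map((c) => c.resource + '.' + c.method).join(', ')}; ` +
    `events=${r.events.join(', ')}; secretKeyFromEnv=${r.secretKeyFromEnv}`,
  );
}
```

The read-only sample lands at MEDIUM with three SDK calls and two handled event types; adding the refund call raises it to HIGH. Two caveats the scan itself cannot settle: a standard Stripe secret key is not scoped to the read calls the code happens to make, so the authority the key confers is account-wide unless the skill is provisioned with a restricted key limited to the resources it reads, and events fetched through stripe.events.retrieve come from the API, but if the skill also accepts raw webhook POSTs, the payloads need signature verification (stripe.webhooks.constructEvent) before any handler runs.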
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:56 AM