post-purchase-extension
Warn
Audited by Snyk on May 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a Shopify post-purchase UI extension SDK explicitly for creating post-purchase offers and applying order edits that charge buyers. It defines calculateChangeset/applyChangeset and shows examples that call signChangeset and await applyChangeset(token). applyChangeset is described as "Apply the order edit and charge the buyer" and the Changeset includes additions like variants and subscriptions (with buyerConsentToSubscriptions). These are specific, built-in primitives for executing financial transactions (charging buyers / modifying orders), not generic tooling.
Issues (1)
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).