pci-compliance

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly oriented to payment processing and includes concrete, specific payment-execution code for a payment gateway (Stripe). For example, the TokenizedPayment.charge_with_token method sets stripe.api_key = "sk_..." and calls stripe.Charge.create(...) to create a charge. It also shows storing payment methods via stripe.Customer.modify and references Stripe Checkout/PayPal as hosted payment options. These are specific payment-gateway integration examples that enable sending charges (moving money), so it grants direct financial execution capability.