shopify-payments-apps

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls https://shopify.dev/assistant/search at runtime (and reports validation to https://shopify.dev/mcp/usage), and the responses from /assistant/search are required and used to construct the agent's GraphQL prompts/instructions, so these external endpoints directly control agent output.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to integrate with Shopify's Payments Apps API and to construct GraphQL operations for payment-related actions (process payments, authorization/capture/settlement, refunds/voids, manage payment sessions). It targets payment providers, mentions provider authentication and PCI compliance, and guides creating mutations that would send payment and refund instructions. These are specific payment gateway operations (direct financial execution), not generic tooling.