paypal-integration
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The frontend loads the PayPal JavaScript SDK (https://www.paypal.com/sdk/js?client-id=YOUR_CLIENT_ID&currency=USD), which is fetched at runtime, executes remote code in the client, and is presented as a required dependency for the integration.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a PayPal payment integration: it contains concrete REST API calls and code for creating and capturing orders, issuing refunds, managing subscriptions/recurring billing, and PayPal Payouts (sending money). These are specific payment-gateway operations that can move funds or authorize transactions, so it provides direct financial execution capability.
Audit Metadata