paypal-integration

Warn

Audited by Snyk on Apr 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill includes a runtime client-side include that fetches and executes remote JavaScript (https://www.paypal.com/sdk/js?client-id=YOUR_CLIENT_ID&currency=USD), which is required for the PayPal Smart Buttons to function and therefore constitutes an external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for payment processing with PayPal and includes direct, actionable API calls that move money: creating and capturing orders, issuing refunds, creating payouts (send money to recipients), and managing subscriptions/recurring billing. It provides concrete REST endpoints, example code (create_order, capture_order, create_refund, PayPal Payouts, create_subscription_plan, etc.) and OAuth token usage for live/sandbox environments. These are specific financial execution capabilities (not generic tools), so it grants Direct Financial Execution Authority.

Issues (2)

  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 02:57 AM
Issues: 2