product-onboarding

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates with Stripe: it requires a Stripe account, includes a Stripe OAuth connect URL that stores stripe_account_id, and the integration code exposes fields like stripeChargeId / merchantChargeId and auto-approve_refund_days. The support integration includes actions (revokeAccess, transferPurchase, updatePurchaseStatusForCharge) and status changes tied to refunds/transfers. These are specific payment-gateway related operations (Stripe) rather than generic tooling, so it constitutes direct financial execution capability.