integrate-solvapay-sdk

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly directs runtime fetching of SolvaPay documentation (https://docs.solvapay.com/mcp and fallback https://docs.solvapay.com/llms.txt) to drive implementation decisions, so external content retrieved at runtime would directly control the agent's instructions and is treated as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for integrating the Solvapay payment SDK and includes concrete payment operations: checkout sessions, payment intents, hosted checkout vs embedded payment intent, customer sessions/portals, usage tracking, webhooks, and handling of SOLVAPAY_SECRET_KEY. These are specific payment gateway capabilities (creating and managing payment flows and transactions), not generic tooling. Therefore it grants direct financial execution authority.