convex-security-audit

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill defines an internal action named _processPayment that explicitly references processing payments with Stripe and reads a STRIPE_SECRET_KEY from the environment. This is a specific payment-gateway integration (Stripe), i.e., a function whose primary purpose is to send/process transactions, even if marked internal. Therefore it grants direct financial execution capability.