agentic-jumpstart-security

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes Stripe payment integration and code for handling payment-related events: it constructs a Stripe client with STRIPE_SECRET_KEY, verifies Stripe webhooks (stripe.webhooks.constructEvent), references checkout.session.completed and handling checkout completion, and requires Stripe-related env vars. These are specific payment-gateway APIs (Stripe), so the skill contains direct financial execution capabilities (payment gateway integration), even though framed as security guidance.