http-client-resilience

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes a typed PaymentClient configured with a "PaymentApi" base URL and API key, and exposes methods named ProcessPaymentAsync and ProcessRefundAsync that POST to "payments" and "payments/{transactionId}/refund". Those examples are specifically designed to call a payment gateway API and perform payment and refund operations (i.e., send transactions), not just generic HTTP calls. This is direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 03:45 PM