The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.

Why it was flagged

Direct money access detected (high risk: 1.00). The document is an integration guide for PortOne, a payment gateway, and explicitly describes SDK/APIs for initiating and verifying payments (e.g., PortOne.requestPayment), server SDK calls to get/verify payments, billing-key issuance and server-initiated recurring charges, webhook handling for payment events, and use of API secrets/Authorization headers. These are specific, purpose-built financial APIs/tools intended to move money and manage transactions, so it grants direct financial execution capability.

Report incorrect finding

Audited: 1 day ago
Security analysis