Please report suspected vulnerabilities privately through GitHub security advisories for this repository.

Do not open public issues for credential exposure, auth handling, or webhook event replay concerns.

• MakePay credentials are stored in Pipedream managed auth.
• Do not add actions that accept key secrets as normal props.
• Use state and dedupe IDs for sources that emit payment events.