mercadopago

Warn

Audited by Snyk on Mar 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime script tag that loads and executes remote JavaScript (the MercadoPago SDK) from https://sdk.mercadopago.com/js/v2 which the skill depends on to create bricks/fields and perform tokenization, so this external URL is a required runtime dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a MercadoPago payment-integration guide covering payment processing, Checkout APIs/SDKs, authentication, creating payments, refunds, subscriptions, and webhooks. Its primary and explicit purpose is to integrate with a payment gateway and perform payment-related operations (e.g., "create payment via API", "refunds", "subscriptions"), which are direct financial execution capabilities.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 05:38 AM
Issues: 2