mercadopago-subscriptions
Warn
Audited by Snyk on Mar 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's edge functions import runtime-executed code from https://esm.sh/@supabase/supabase-js@2 (used in the Deno boilerplate), which fetches and executes remote JS as a required dependency for the functions to run.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly an integration with the MercadoPago payment gateway. It defines server-side edge functions that call MercadoPago endpoints to create and manage preapproval/subscription objects (POST /preapproval with status='authorized' to trigger immediate charges; PUT /preapproval/{id} to cancel, change plan, change card, pause/reactivate). It includes secrets (MP_ACCESS_TOKEN), plan IDs, and patterns for charging and updating subscriptions. These are specific, purpose-built financial operations (payment gateway API calls) that move money and charge customers; therefore Direct Financial Execution capability is present.
Audit Metadata