extension-payment

SUSPICIOUS: The stated purpose is legitimate and mostly aligned with payment integration, but the skill expands trust by requiring a transitive docs-seeker skill and likely routing doc retrieval through Context7. Its credential request is somewhat broader than necessary, and external-doc ingestion plus implementation guidance raises prompt-injection and third-party data-flow risk. No direct malware indicators or overt exfiltration are present.