pricing-page

Fail

Audited by Socket on Mar 8, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The skill aims to implement a pricing/monetization workflow with tier definitions, gating, and Dodo Payments integration. The footprint is broadly coherent with the stated purpose: it defines PLANS, gating logic, and a checkout flow that uses a legitimate external SDK. However, there are security concerns: reliance on environment variables for credentials, potential data exposure via checkout metadata, webhook trust assumptions that are not fully shown, and a polling-based success flow that could be brittle. The data flow aligns with official API usage, but webhook verification and secure handling of user data should be explicitly enforced. Overall, the skill is SUSPICIOUS to MEDIUM risk due to data flow and credential sensitivity, but not clearly malicious given the described intent. Recommended: tighten webhook verification, define explicit data-handling policies, and align the success flow with event-driven updates rather than polling.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 8, 2026, 09:23 PM
Package URL: pkg:socket/skills-sh/tushaarmehtaa%2Ftushar-skills%2Fpricing-page%2F@c0f6fb70ee8ff16d904c45697440a61639f5d483