visa-best-practices

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly instructs fetching https://sandbox.mcp.visa.com/mcp/doc/llms.txt at runtime for "all code examples" and "workflow implementations," which is high-confidence evidence the external file would be fetched and could directly supply instructions or executable code that control agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a specific integration guide for Visa Developer Platform and Visa Intelligent Commerce, including explicit details for card enrollment, purchase instructions, payment credentials, MCP/Visa API endpoints, sandbox/certification/production URLs, and authentication/encryption methods for making API calls. This is expressly about integrating with a payment gateway (Visa) and enabling payment flows, not a generic tool. Therefore it grants direct financial execution capability.