money-product

SUSPICIOUS: the core build/deploy/payment capabilities generally fit the stated purpose and mostly rely on official vendors, but the skill is high-impact and unusually broad. The strongest concern is the ccapi.ai fallback, which routes Gemini-related credentials/traffic through a third-party intermediary instead of Google’s official path, plus transitive skill loading and real-world deployment/payment actions with limited explicit approval boundaries.