pp-mercury

SUSPICIOUS. The capability set matches banking management, but the trust chain is weak: the skill routes sensitive Mercury access through third-party wrapper binaries that do not appear clearly published by Mercury or the listed author, then permits high-impact financial actions and arbitrary webhook output delivery. This is not confirmed malware, but it is a high-risk banking skill with disproportionate install-trust and data-flow concerns.