create-payment-credential

BENIGN with high operational risk. The skill's capabilities, install source, and data flows are coherent with its stated purpose as an official Stripe/Link payment credential helper, not a deceptive exfiltration tool. However, it enables autonomous financial actions, handles highly sensitive payment/PII data, writes secrets to local files, and uses fairly broad Bash permissions, so the security risk is high even without strong malware indicators.