polar-integration
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's MCP integration instructs AI agents to connect at runtime to Polar's MCP servers (https://mcp.polar.sh/mcp/polar-mcp and https://mcp.polar.sh/mcp/polar-sandbox), which supply model context that can directly control agent prompts/instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a payments integration for Polar: it provides SDKs, Checkout APIs, checkout session creation (e.g., polar.checkouts.create), customer session/portal creation (polar.customerSessions.create), webhook handlers for payment/subscription events, and references for refunds, orders, subscriptions, and billing. It requires organization access tokens and sandbox/production server configs. These are specific financial operation APIs (creating payment sessions, managing subscriptions, processing refunds), not generic tooling, so it grants direct financial execution capability.