polymarket-skill
Warn
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to run 'polygon-agent polymarket set-key '. Passing raw private keys as command-line arguments is insecure because they are often stored in plain text in shell history files (e.g., .bash_history) and are visible in process monitoring tools like 'ps'.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) as it retrieves and processes market data from the Polymarket platform.
  - Ingestion points: The agent retrieves untrusted text (market questions and descriptions) via the 'polymarket markets' and 'polymarket market' commands.
  - Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish between legitimate market data and potential malicious instructions embedded within market text.
  - Capability inventory: The skill provides the agent with significant financial capabilities, including 'clob-buy', 'sell', and 'send-native' (POL transfers).
  - Sanitization: There is no evidence of sanitization or validation of the market data before it is presented to the agent's context.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'polygon-agent' CLI to perform sensitive operations, including wallet configuration, token approvals, and financial transactions. While these are the intended functions of the skill, they represent a broad capability surface that requires careful oversight.
Audit Metadata