polymarket-skill
Fail
Audited by Snyk on May 1, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This skill explicitly instructs copying a private key and passing it directly into CLI commands (e.g., polygon-agent polymarket set-key 0x<yourPrivateKey>), which requires the LLM/agent to handle and emit secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs the agent to call polygon-agent polymarket markets and polygon-agent polymarket market to fetch market data from Polymarket (polymarket.com) and related third-party pages (e.g., reveal.magic.link), which are public, user-created markets and content that the agent is explicitly told to read and use as probability inputs to decide trades.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain and off-chain financial operations for Polymarket trading. It includes commands to import private keys, fund wallets, set permanent token approvals, transfer native tokens (polygon-agent send-native --broadcast), move USDC.e from a smart wallet to a proxy wallet and place orders (polygon-agent polymarket clob-buy ... --broadcast), and execute sells (--broadcast). These are specific crypto/blockchain and market-order actions (wallet management, signing transactions, fund transfers, placing/canceling orders), not generic tooling, and therefore grant direct financial execution capability.
Issues (3)
W007 (HIGH): Insecure credential handling detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata