polymarket
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill documentation includes instructions to install the
@polymarket/real-time-data-clientpackage via npm. Although this package is not from an explicitly whitelisted trusted source, it is a scoped package directly related to the skill's primary function. - Indirect Prompt Injection (LOW): The skill is susceptible to Category 8 threats because it ingests and processes untrusted live data. * Ingestion points: Market data, trade activity, and user comments are received through the WebSocket connection's
onMessagehandler. * Boundary markers: Absent; there are no clear delimiters or instructions to the agent to ignore potentially malicious commands embedded in the external data. * Capability inventory: Based on the provided code, the skill is limited to monitoring and logging data; it does not exhibit dangerous capabilities like arbitrary code execution or file modification. * Sanitization: No sanitization or validation mechanisms are mentioned for the incoming data stream.
Audit Metadata