polymarket
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill includes a code example that requires embedding the API key, secret, and passphrase directly in the subscription object (clob_auth). This would require the LLM to handle and output secret values verbatim, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill connects to Polymarket's public WebSocket and REST APIs (e.g., RealTimeDataClient subscribing to the "comments" topic and API endpoints like /comments) and ingests user-generated, untrusted content (comments, reactions, profile bios/images) that the agent is expected to read and process (onMessage handlers), exposing the agent to indirect prompt injection.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly centered on a financial trading platform (Polymarket). It documents a Trading API (REST & WebSocket), "Implementing trading strategies", "trading.md", and user portfolio management. It exposes authenticated user channels (clob_user) for orders and trade executions and shows an auth scheme requiring API key/secret/passphrase. Those elements are specific to placing and managing market orders and interacting with trading endpoints — i.e., direct financial execution capability.