polyclaw
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The `scripts/hedge.py` script is susceptible to indirect prompt injection. It fetches trending or search-based market data from the Polymarket API and interpolates the market questions directly into LLM prompts without sanitization or strong boundary markers. An attacker could potentially influence the agent's analysis by creating markets with questions containing malicious instructions.
  - Ingestion points: Market questions fetched via `GammaClient.get_trending_markets()` and `search_markets()` in `scripts/hedge.py`.
  - Boundary markers: Absent; market questions are inserted into the prompt using simple markdown list formatting.
  - Capability inventory: The skill includes on-chain trading capabilities in `scripts/trade.py`, which uses a provided private key to execute split and sell operations on the Polygon network.
  - Sanitization: The script does not escape or validate market content before including it in the LLM context.
- [COMMAND_EXECUTION]: The main dispatcher `scripts/polyclaw.py` uses `subprocess.run` to execute sub-scripts such as `markets.py`, `trade.py`, and `hedge.py`. While the implementation is safer than shell-based execution because it uses a list-based API and a hardcoded script map, it passes raw user-supplied arguments from the CLI directly into child Python processes.