polyclaw

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The hedge workflow (scripts/hedge.py and SKILL.md/README) fetches public Polymarket markets via GammaClient (trending/search/get_market), feeds those user-generated market questions into an LLM prompt for implication analysis, and then derives covering portfolios that can drive trading actions, so untrusted third-party content is ingested and can materially influence tool decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations: it manages an EVM wallet via a POLYCLAW_PRIVATE_KEY, submits approval transactions, and executes trades on Polymarket (split into YES/NO tokens and sell via a CLOB order book). Commands like wallet approve, buy <market_id> YES 50, and the CLOB sell flow clearly perform signed blockchain transactions and market orders on Polygon. This is a specific crypto/blockchain trading integration (wallet signing, contract interactions, market orders), not a generic tool, so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 10:14 PM