polymarket
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill facilitates trading by requiring a POLYMARKET_PRIVATE_KEY to be set in the environment or passed to the SDK. While necessary for the intended functionality, managing private keys within an AI agent's environment presents a significant security risk.
- [COMMAND_EXECUTION]: The skill utilizes a local shell script (scripts/validate_params.sh) and an external CLI binary (polymarket) for core operations. This pattern involves subprocess execution which can be exploited if parameters are not strictly sanitized.
- [EXTERNAL_DOWNLOADS]: The documentation references external software repositories for the Polymarket CLI (github.com/Polymarket/polymarket-cli). This is a well-known service, but users should verify the integrity of the binary.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from market titles, descriptions, and user comments via the Polymarket API. Ingestion points: search_markets, get_comments; Capability inventory: create_order, approve_set; Boundary markers: none; Sanitization: none.
Audit Metadata