polymarket
Fail
Audited by Snyk on Mar 5, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs embedding private keys in environment variables, CLI commands, and SDK calls (e.g., export POLYMARKET_PRIVATE_KEY=0x..., polymarket.configure(private_key="0x..."), polymarket wallet import), which would require the LLM to include secret values verbatim in generated outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill fetches public data from Polymarket's open APIs (Gamma API and CLOB API) and via the Polymarket CLI (references/api.md and SKILL.md), and explicitly exposes user-generated content endpoints such as get_comments, get_user_comments, and get_profile which the workflows and commands instruct the agent to read and use (e.g., market search, get_market_prices, leaderboard/profile inspection), so third-party content can influence decisions and tool actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly exposes trading and on-chain wallet operations. It documents configuring a private key (env var, SDK, or CLI import) and includes commands to create_order, market_order, cancel_order, get_balance, and CLI on-chain functions (ctf_split, ctf_merge, ctf_redeem, approve_set). These are specific crypto/blockchain and market-order capabilities that can move funds or place trades — not generic tooling. Therefore it grants direct financial execution authority.