polymarket
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local parameter validation script
scripts/validate_params.shand a third-partypolymarketCLI binary to perform market interactions and trading operations. - [EXTERNAL_DOWNLOADS]: The skill relies on external software dependencies, including the
sports-skillsPython package and thepolymarketCLI binary hosted on GitHub. The CLI is sourced from a well-known organization (Polymarket), which is considered a trusted source for its own functionality. - [CREDENTIALS_UNSAFE]: Trading and on-chain commands require the user to configure a sensitive
POLYMARKET_PRIVATE_KEYvia environment variables or CLI commands. While standard for cryptocurrency interactions, this involves handling highly sensitive cryptographic material. - [PROMPT_INJECTION]: The skill includes functionality to fetch user-generated comments from the Polymarket platform via
get_commentsandget_user_comments, introducing a surface for indirect prompt injection. - Ingestion points: External user content is fetched from the Polymarket API and CLI (documented in
references/commands.md). - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat fetched comment data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill has powerful capabilities, including placing and canceling orders and managing contract approvals (
create_order,cancel_order,approve_set). - Sanitization: There is no evidence of sanitization or filtering of the retrieved comment content before it is processed by the agent.
Audit Metadata