basket-settle

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the vara-wallet command-line utility to perform contract calls, list wallet addresses, and configure network settings on the Gear/Vara mainnet.
  • [DATA_EXFILTRATION]: Fetches market state and resolution data from the Polymarket Gamma API (gamma-api.polymarket.com), which is a well-known prediction market service.
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection discovered in the data processing flow.
    • Ingestion points: Data is ingested from the external Polymarket Gamma API (gamma-api.polymarket.com) as specified in SKILL.md.
    • Boundary markers: None identified; the agent is not instructed to isolate or treat the API response data as untrusted.
    • Capability inventory: The agent is authorized to execute shell commands via vara-wallet with arguments derived from external data.
    • Sanitization: There are no documented steps for validating, escaping, or sanitizing the data (such as slugs or resolution text) returned from the API before it is passed to shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 12:51 PM