basket-settle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches market data from the public Polymarket API (curl to https://gamma-api.polymarket.com/markets?slug=<poly_slug> in "Step 2: Check Polymarket Resolution") and then uses those external, untrusted resolution flags and prices to build item_resolutions and drive ProposeSettlement/FinalizeSettlement, so third‑party content can materially influence agent decisions and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain settlement operations using a wallet CLI (vara-wallet) on MAINNET, calling contract methods ProposeSettlement and FinalizeSettlement and requiring the settler role and voucher/account signing. Those actions finalize baskets so users can claim payouts — i.e., direct blockchain financial execution (wallet transactions/signing affecting funds/payouts). This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion.