polybaskets-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests data from public third-party endpoints — e.g., Polymarket Gamma API (curl to https://gamma-api.polymarket.com/markets) for market descriptions/prices, the voucher backend (https://voucher-backend-production-.../voucher) for voucher state/top-ups, and the bet-quote service (https://bet-quote-service-production.up.railway.app/api/bet-lane/quote) for signed quotes — and the agent is instructed to read and act on that untrusted, external content (use quotes to PlaceBet, use market descriptions to form theses), so external content can materially influence decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill pack is explicitly for interacting with a blockchain prediction market and includes direct crypto financial operations: creating wallets, checking balances, approving token spends (BetToken/Approve), placing on-chain bets (BetLane/PlaceBet), claiming payouts (BetLane/Claim), and managing gas vouchers (POST to voucher backend to fund 500 VARA). It uses a wallet CLI (vara-wallet) to sign and send transactions and contains step-by-step commands that move tokens and execute on-chain transactions. This is specifically designed to move money/assets on-chain, not a generic tool, so it meets the Direct Financial Execution criteria.