trader-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches and consumes public, user-generated data from Polymarket's public API (PolymarketDataClient calling https://data-api.polymarket.com endpoints such as /activity, /positions, /leaderboard) and public on-chain event logs via a polygon RPC/Web3 exchange contract, and directly reads/analyses that external content as part of its workflow, exposing the agent to untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to analyze and follow traders on a trading platform (Polymarket) and includes components that execute market orders. It uses on-chain tooling (web3 with a Polygon RPC and an exchange contract) to read trades and a CopyTradingManager that calls trading_service.get_portfolio() and trading_service.place_order(...) to calculate sizes and execute copy trades. This is a specific trading/execution capability (market orders on crypto/market platform), not a generic automation API, so it grants direct financial execution authority.