opportunity
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation and code snippets reference an external, unverifiable library
clodds/opportunity. This package is not sourced from any of the trusted GitHub organizations or repositories. Use of unknown dependencies to handle financial logic presents a significant supply chain risk. - [CREDENTIALS_UNSAFE] (MEDIUM): While credentials are not hardcoded, the skill is explicitly designed to ingest and process high-value secrets, including
apiSecret,passphrase, andprivateKeyfor financial platforms like Polymarket and Kalshi. Passing these secrets to an unverified third-party library is a high-risk pattern for potential credential exfiltration. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted market data (titles and descriptions) from multiple external platforms to perform 'Semantic Matching'.
- Ingestion points: External prediction market data (market questions, descriptions) via API.
- Boundary markers: Absent; the logic relies on Jaccard coefficients and vector embeddings without explicit instruction delimiters.
- Capability inventory: Financial order execution (
finder.execute), API secret handling, and network requests. - Sanitization: None specified; the skill uses semantic similarity which can be manipulated by 'adversarial' market titles to force incorrect links or executions.
- [METADATA_POISONING] (MEDIUM): The skill claims to be based on
arXiv:2508.03474. As of current date, this is a future-dated or non-existent ID (arXiv follows YYMM format), indicating deceptive or hallucinated documentation intended to build false trust.
Audit Metadata