trading-polymarket

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches, displays, and acts on public Polymarket data (e.g., Gamma API calls to https://gamma-api.polymarket.com/markets, CLOB REST endpoints, and public WebSocket channels such as wss://ws-subscriptions-clob.polymarket.com). These are open, user-generated market questions/descriptions and live orderbook/trade data that the agent reads as part of its workflow (search/market handlers, orderbook, triggers, TWAP, and automated order execution), so untrusted third-party content can materially influence trading decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for Polymarket with full programmatic trading capabilities. It requires an Ethereum private key and API credentials and exposes methods to create, sign, post, and cancel orders (create_order, create_market_order, post_order, create_and_post_order, post_orders, cancel, cancel_all, etc.). Examples show market buys/sells (spend USDC, sell shares), market order posting, WebSocket user auth for fills, and API key management. These are specific crypto/market order operations that directly move funds and execute trades on-chain/off-chain — not generic tooling. Therefore it grants direct financial execution authority.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 08:53 PM