weather

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public, user-generated Polymarket market data (via getWeatherMarketFinder / finder.getWeatherMarkets and finder.getMarket called from index.ts and described in SKILL.md under "Match to Markets") and uses market text/prices to calculate edge and place bets, so untrusted third‑party content can directly influence decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides commands to place and automate real-money bets on Polymarket (e.g., "/weather bet " and "/weather auto ... Auto-bet on high-edge markets"). It includes bankroll sizing, bet execution, bet history and automated betting logic — i.e., the primary and explicit purpose is to send financial transactions (place market bets). This is not a generic tool (like a browser or HTTP caller); it is specifically designed to move money on a betting/market platform. Therefore it meets the "Direct Financial Execution" criterion.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 08:53 PM