nothing-ever-happens-polymarket-bot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly says the bot "scans Polymarket for standalone ... yes/no markets" and uses market data (titles/prices) from the public Polymarket site to decide and place trades, so it ingests untrusted, user-generated third‑party content that can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading bot for Polymarket that can place real orders. It includes a "Live exchange client (Polymarket CLOB API)", configuration for order size and price caps, and explicit live-mode flags and required secrets (PRIVATE_KEY, FUNDER_ADDRESS, POLYGON_RPC_URL, DATABASE_URL). The README documents how to enable live trading (BOT_MODE=live, LIVE_TRADING_ENABLED=true, DRY_RUN=false) and how to deploy and provide secrets. These are specific APIs/ops to send transactions and move funds on a crypto prediction market (wallet private key, RPC URL, order transmission). Although it defaults to paper mode, it provides clear, deliberate mechanisms to execute real financial transactions on-chain. Therefore it grants direct financial execution capability.