polymarket-arbitrage-trading-bot

Audited by Snyk on Mar 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly fetches public Polymarket data (see findActive15mMarket using axios.get(${config.gammaApiUrl}/markets) and getBestAsk calling ${config.clobApiUrl}/book) and then uses that untrusted, market-generated content (market tokens, endDateIso, orderbook asks) to drive automated trading decisions and order placement in its core workflow. Because none of this content is validated before it is acted on, third-party data can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading bot with direct on-chain and exchange order capabilities. It requires a PRIVATE_KEY and wallet, initializes a ClobClient with a chain ID and wallet, and calls client.createOrder / client.postOrder to place real market orders (production mode). It also performs on-chain redemption via client.redeemPositions and references USDC on Polygon and Gnosis Safe signature types. These are specific crypto/blockchain transaction and market-order operations (sending transactions, signing, placing orders), not generic tooling, so the skill holds direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 03:10 AM
Issues: 2