Bankr Dev - Polymarket

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill exhibits a high-severity indirect prompt injection surface by converting untrusted natural language into executable actions.
  • Ingestion points: Untrusted content enters via market queries and event descriptions used in the execute function as defined in SKILL.md.
  • Boundary markers: Absent. The skill patterns do not define delimiters to isolate external content from the agent's instructions.
  • Capability inventory: High-impact capabilities include placing bets (Bet), redeeming winnings, and accessing private position history on the Polygon network.
  • Sanitization: There is no evidence of filtering or escaping for the {market} or {event} variables, which could allow malicious content to hijack the agent's decision logic.
  • [COMMAND_EXECUTION] (HIGH): The skill enables irreversible financial transactions (USDC.e on Polygon). Since the execute function interprets commands without explicit human-in-the-loop confirmation or transaction-signing requirements defined in the skill metadata, it is susceptible to being triggered maliciously by third-party data or injected prompts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 06:46 PM