polymarket-cli
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides installation instructions that download and execute a shell script from the official Polymarket GitHub repository (https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh). This involves remote code execution from a well-known service and is a documented installation path for the tool.
- [EXTERNAL_DOWNLOADS]: The skill references and fetches the Polymarket CLI tool and related configurations from official sources on GitHub. These references are documented neutrally as they originate from a recognized organization.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting market data, such as questions and descriptions, from the Polymarket API.
- Ingestion points: Market data is fetched via
markets list,markets search, andmarkets getcommands described inreferences/commands-browsing.md. - Boundary markers: There are no clear delimiters or instructions to the agent to treat the fetched market content as potentially untrusted text.
- Capability inventory: The agent can execute local CLI commands that perform on-chain transactions and manage wallet configurations.
- Sanitization: The skill does not specify any sanitization or validation logic for the content retrieved from the external API.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh - DO NOT USE without thorough review
Audit Metadata