polymarket
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from Polymarket APIs, such as market descriptions, event titles, and user comments, which are then processed by the AI agent. Since the skill also possesses the capability to place orders and manage funds, a crafted market description could potentially influence the agent to perform unauthorized financial actions.
- Ingestion points:
GammaService.get_market(scripts/polymarket/services/gamma.py),GammaService.get_comments(scripts/polymarket/services/gamma.py), andDataService.get_activity(scripts/polymarket/services/data.py). - Boundary markers: The SDK does not implement specific delimiters or 'ignore' instructions for the data returned from APIs.
- Capability inventory: Trading operations via
OrderService.place_orderand fund management viaBridgeService.create_withdrawal_address(scripts/polymarket/services/clob/orders.py, scripts/polymarket/services/bridge.py). - Sanitization: Data is returned as raw strings from the API models without filtering for instruction-like patterns.
- [Credentials Handling] (SAFE): The skill handles sensitive Ethereum private keys and API credentials. It correctly implements local signing (EIP-712 and HMAC-SHA256) and encourages the use of environment variables for secret management, preventing the exposure of credentials in transit or logs.
- [External Communication] (SAFE): Network requests are strictly limited to official Polymarket domains defined in the configuration (clob.polymarket.com, gamma-api.polymarket.com, data-api.polymarket.com, and bridge.polymarket.com).
Audit Metadata