polymarket-portfolio
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): Performs network requests to data-api.polymarket.com and polygon-rpc.com. These are functional requirements for tracking Polymarket portfolios and accessing blockchain data. No unauthorized data access or exfiltration of sensitive local files was detected.
- [Indirect Prompt Injection] (SAFE): A potential attack surface exists due to the ingestion of external data. Evidence:
  1. Ingestion points: API responses from data-api.polymarket.com.
  2. Boundary markers: Absent in the provided scripts.
  3. Capability inventory: Network reads and data formatting (curl, jq).
  4. Sanitization: Data is parsed as JSON, but the content of fields is not specifically sanitized for instruction injection.

  Severity is classified as SAFE as these operations are intrinsic to the primary skill purpose.
- [Command Execution] (SAFE): Utilizes standard utilities like curl, jq, awk, and printf for data processing. The shell commands are static and do not interpolate unsanitized user inputs into executable contexts.