polymarket-prices
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill communicates with
https://clob.polymarket.com. This is the legitimate endpoint for fetching Polymarket price data. No external scripts or packages from untrusted sources are downloaded for execution.\n- [DATA_EXFILTRATION] (SAFE): No access to sensitive files or environmental secrets was found. The skill only performs read operations against a public API and does not exfiltrate user data.\n- [COMMAND_EXECUTION] (SAFE): The shell commands used are limited tocurlandjqfor API interaction and data parsing. There are no attempts at privilege escalation or persistence.\n- [PROMPT_INJECTION] (SAFE): The skill possesses an indirect prompt injection surface as it ingests data from an external API. However, the risk is negligible as the data consists of structured financial records (prices, sizes) processed through strict filtering tools.\n - Ingestion points: JSON responses from
clob.polymarket.com(SKILL.md)\n - Boundary markers: None explicitly defined, but structural JSON parsing is used.\n
- Capability inventory: Fetches numerical market data and filters it using
jq.\n - Sanitization: External data is parsed as JSON and filtered for specific keys, preventing raw instruction processing.
Audit Metadata