polymarket-references

Warn

Audited by Snyk on Feb 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's documentation and workflow explicitly instruct clients to fetch and subscribe to public Polymarket APIs and WebSocket streams (e.g., resources/api-reference.md GET /comments and RTDS "comments" topic, plus bot-patterns.md WebSocket handlers and message routing) which ingest user-generated, public content that the agent is expected to read and that can influence trading/automation decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about Polymarket trading and integration: it documents CLOB trading endpoints, "order placement", an "order-guide" (GTC/GTD/FOK/FAK, parameters, lifecycle), SDKs/clients (Python/TS/Rust) and signature types, contracts, and related operations (split/merge/redeem, gasless transactions, market-maker tooling). These are specific APIs and functions intended to place and manage market orders and interact with blockchain-based trading infrastructure — i.e., direct financial execution capabilities. This is not a generic browser or HTTP tool; it is specifically designed for moving funds/placing trades.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 01:04 PM