polymarket-analyst
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill communicates with well-documented public API endpoints for Polymarket (data-api, gamma-api, and clob). These network calls are essential for the skill's primary function of fetching trader history and do not involve the exfiltration of sensitive local credentials or files.
- [Indirect Prompt Injection] (SAFE): The skill processes external data from Polymarket, which could theoretically contain malicious content in fields like market titles.
  - Ingestion points: scripts/fetch_trader_data.py fetches external API responses.
  - Boundary markers: The SKILL.md documentation specifies structured Markdown reporting but does not explicitly define sanitization or escaping markers.
  - Capability inventory: The skill uses local Python scripts for data processing.
  - Sanitization: None observed in instructions.

  This surface is evaluated as SAFE because the data is used for quantitative metrics and descriptive reporting rather than as source material for agent-executed commands.
- [Command Execution] (SAFE): The skill instructions and settings (settings.local.json) correctly identify and authorize the use of local Python scripts bundled with the skill. This is a standard and safe implementation for data analysis tasks.
Audit Metadata