polymarket-analyzer
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The SKILL.md file contains installation instructions that use a 'curl | sh' pattern to download and execute a shell script from a remote URL (https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh). This repository belongs to an organization that is not on the trusted vendors list, posing a critical risk of arbitrary remote code execution.
- [EXTERNAL_DOWNLOADS]: The skill depends on the 'yfinance' package and fetches data from numerous external domains, including several news organizations (Reuters, SCMP, FT, Caixin), CNN's Fear & Greed API, Reddit, and the World Bank's macro indicators API.
- [COMMAND_EXECUTION]: Several scripts, including polymarket_analyzer.py and query-markets.sh, execute the 'polymarket' CLI tool and other shell commands through subprocess calls to perform data retrieval and filtering.
- [PROMPT_INJECTION]: The skill ingests untrusted text data from third-party sources such as Polymarket questions, news headlines, and social media posts (ingestion points in scripts/fetch-cn-news.sh and scripts/polymarket_analyzer.py). There are no sanitization steps or boundary markers to prevent malicious instructions within this data from influencing the agent's judgment. Given that the skill also has the capability to execute shell commands, this creates a significant surface for indirect prompt injection.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata