polymarket-knowledge

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly directs the agent to connect to Polymarket WebSocket and API endpoints: SKILL.md and references/websocket-events.md list wss://ws-subscriptions-clob.polymarket.com/ws/market, /ws/user and Gamma API market endpoints. It also directs the agent to parse USER_ORDER/USER_TRADE and market fields, including freeform "question" text. The skill therefore ingests public, user-generated market data from third-party sources that the agent is expected to read and that can materially influence trading decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is an explicit, purpose-built reference for the Polymarket CLOB trading API and order lifecycle. It documents placing, filling, and cancelling orders, order types (GTC, FOK, etc.), minimum USDC order value, and authenticated USER WebSocket endpoints and USER_ORDER/USER_TRADE events. It therefore directly enables market order management and crypto-related financial operations (USDC.e), rather than serving as a generic tool. This meets the criteria for Direct Financial Execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 11:59 AM