grimoire-polymarket

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill executes code from @grimoirelabs/cli via npx and suggests installing the polymarket CLI via Homebrew. These are vendor resources and resources from a well-known service, respectively.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill requires sensitive environment variables such as POLYMARKET_PRIVATE_KEY and API credentials to perform authenticated trading operations. This is a common requirement for such tools.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from market descriptions and metadata.
      1. Ingestion points: search-markets, markets list, events list, and clob book.
      2. Boundary markers: Absent.
      3. Capability inventory: High-privilege financial actions including order, cancel_order, and cancel_all.
      4. Sanitization: No explicit sanitization of market-sourced text is documented.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 05:11 PM