grimoire-polymarket
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill primarily operates by invoking shell commands through the
grimoireandpolymarketCLI tools to query market data and manage orders. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the official Polymarket CLI from its GitHub repository using Homebrew (
brew tap Polymarket/polymarket-cli), which is a well-known service in the prediction market space. - [REMOTE_CODE_EXECUTION]: Utilizes
npx -y @grimoirelabs/clito download and execute code from the npm registry at runtime, which allows the agent to run the latest version of the wrapper tool without manual installation. - [CREDENTIALS_UNSAFE]: The skill instructs the user to provide highly sensitive information, including
POLYMARKET_PRIVATE_KEYand API credentials, through environment variables to facilitate blockchain transactions and authenticated API requests. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, a surface where instructions embedded in external data (like market titles or event descriptions) could influence agent behavior.
- Ingestion points: User-supplied parameters for the
search-marketscommand (such as--query,--slug,--question,--event,--tag,--category,--league, and--sport) are passed to the external API, and the results are returned to the agent context. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the market data are present in the skill definition.
- Capability inventory: The skill possesses the ability to execute shell commands and perform sensitive financial operations (order placement and cancellation) on the Polygon blockchain.
- Sanitization: There is no evidence of sanitization or validation of the market metadata fetched from the external Polymarket backend before it is interpreted by the agent.
Audit Metadata