grimoire-polymarket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly queries public Polymarket content via the venue CLI (e.g., "grimoire venue polymarket search-markets" and "markets list"/"events list"), which returns user-generated, public market/question text that the agent is expected to read and that can influence order-management decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes authenticated order-management operations for Polymarket (create/post orders, market vs limit paths, cancel_order(s), cancel_all) and requires private key/API credentials and signature routing. It references market order functions (createAndPostMarketOrder) and supports placing/cancelling CLOB orders on a crypto venue (Polygon). This is a specific tool whose primary purpose is sending transactions/trading, not a generic interface, so it grants direct financial execution authority.