grimoire-polymarket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs the Polymarket CLI (e.g., search-markets, markets list, markets search) to fetch public Polymarket market and CLOB data (user-generated/open-market content) and instructs agents to consume JSON results for discovery and trading, so untrusted third-party market text could be read and influence order-placement decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides order-management and trading capabilities on Polymarket. It exposes custom actions/opcodes such as "order", "cancel_order", "cancel_orders", and "cancel_all", documents the exact order parameters (token_id, price, size, side, order_type), and describes order routing to createAndPostOrder / createAndPostMarketOrder (GTC vs FOK/FAK). Runtime configuration requires a private key (POLYMARKET_PRIVATE_KEY) and supports signature routing (EOA, Gnosis Safe), showing it can sign and execute on-chain/offchain trade actions. These are specific crypto/market-order execution capabilities (not generic), so this skill grants direct financial execution authority.