polymarket-trading

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and prioritizes passing raw private keys on the command line (e.g., --private-key 0xabc... and polymarket wallet import 0xKEY...) and instructs showing exact commands, which requires the LLM to include secret values verbatim and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows and commands (e.g., "Market Discovery" / "Research a market" and commands like polymarket markets search, polymarket markets get, and polymarket clob book in SKILL.md) explicitly fetch and read market questions, order books, and other public Polymarket data (user-generated/open web content) that the agent is expected to interpret and use for trading decisions, so untrusted third-party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructs running a fetched shell script via "curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh", which downloads and immediately executes remote code and the CLI it installs is a required dependency for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for Polymarket and includes direct on-chain financial operations: placing limit and market orders (polymarket clob create-order, market-order, post-orders), canceling orders, checking/updating balances, splitting/merging/redeeming USDC via conditional token commands (ctf split/merge/redeem), wallet management including private-key configuration and imports, contract approvals (polymarket approve set), and bridge deposits. These are concrete crypto/blockchain and payment-moving capabilities (requires MATIC/USDC and private keys) designed to execute financial transactions, not generic tooling.