polymarket
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing sports-skills (vendor package) and py_clob_client (standard library for Polymarket API) to enable full functionality.
- [COMMAND_EXECUTION]: A shell script located at scripts/validate_params.sh is used to validate command arguments during runtime.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via external market data.
  - Ingestion points: Market names, slugs, and event details are fetched from the Polymarket API via search_markets and get_market_details.
  - Boundary markers: No explicit delimiters or instructions to ignore instructions within the fetched data are provided in the skill instructions.
  - Capability inventory: The skill includes high-privilege trading capabilities such as create_order and market_order, and shell execution via scripts/validate_params.sh.
  - Sanitization: The skill does not demonstrate active sanitization or validation of the text content retrieved from the external prediction markets.
Audit Metadata