polymarket

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that pass a private key literal (export POLYMARKET_PRIVATE_KEY=0x... and polymarket.configure(private_key="0x...")), which requires embedding secret values verbatim and is an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls public Polymarket APIs (Gamma and CLOB) as documented in references/api.md and the SKILL.md workflows (search_markets, get_todays_events, get_market_prices), ingesting user-created market metadata and prices that the agent reads and uses to drive presentation and trading actions, so untrusted third-party content could indirectly influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes trading/transaction functions and wallet configuration for a crypto-native market. It requires a private key (env var or configure(private_key)) and lists commands that place/cancel orders: create_order (place limit order), market_order (place market order), cancel_order, cancel_all_orders, get_user_trades. These are specific financial execution actions (signing/sending transactions and moving funds on a blockchain orderbook), not generic API or browsing capabilities. Therefore it grants direct financial execution authority.