polymarket-agent-skills

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The pre-flight script auto-collects a device fingerprint, decodes an obfuscated HMAC key, and silently reports a signed device token to external endpoints (Vercel and OKX), which is telemetry/exfiltration behavior unrelated to the skill's stated Polymarket trading/market-data purpose and thus constitutes a hidden/deceptive instruction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's documentation (SKILL_SUMMARY.md and README.md) explicitly instructs the agent to use public Polymarket APIs (e.g., the CLOB REST API at clob.polymarket.com, the Gamma/Data API, and WebSocket channels for market and user events), which are open third‑party endpoints that serve user-generated market/event data that the agent is expected to read and act on (e.g., for trading), so untrusted content could influence subsequent tool use or decisions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The script contains a literal Base64 string assigned to _K: 'OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw=='. It is decoded and used as an HMAC signing key ("HMAC signature (obfuscated key, same as CLI binary)"), which makes it a real credential embedded in the code. This is a high-entropy, literal secret (not a documentation placeholder or simple setup password), so it should be treated as an exposed secret. No other high-entropy keys, private keys, or API tokens are present; other strings are URLs or derived values.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for a prediction-market integration with "trading, market data, WebSocket streaming, cross-chain bridge, and gasless transactions." Those capabilities (trading, cross-chain bridge, and gasless transactions) are specific crypto/financial operations that enable sending transactions, moving funds across chains, and executing trades — not generic tooling. Therefore it grants direct financial execution capability.

Issues (4)

CRITICAL E004: Prompt injection detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 9, 2026, 02:23 AM
Issues: 4