polymarket-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes official Polymarket endpoints (gamma-api.polymarket.com and clob.polymarket.com) to fetch public market data for analysis.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill requires the 'py-clob-client' library, which is the official and well-known Python SDK provided by Polymarket for interacting with their order book. This is documented as a standard requirement for the skill's primary functionality.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The correlation tracker script reads from a local SQLite database (~/.polymarket-paper/portfolio.db). This is an application-specific file used to track simulated 'paper' trades and does not involve the extraction of sensitive system credentials or private user data.
- [INDIRECT_PROMPT_INJECTION]: The skill processes market questions (strings describing events) from external APIs. While this data is technically untrusted, the skill performs structured text analysis (keyword extraction and regex matching) and does not pass these strings to any executable sinks like eval() or shell subprocesses, effectively mitigating the risk.