polymarket-paper-trader
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches live order book and market metadata from official Polymarket API endpoints (clob.polymarket.com and gamma-api.polymarket.com). These are well-known services and the fetches are used for intended data retrieval.
- [REMOTE_CODE_EXECUTION]: A documentation example in SKILL.md pipes API output to a Python command. The Python code is a static JSON parser used for market discovery and does not involve executing dynamic code from the remote source.
- [PROMPT_INJECTION]: The skill processes market questions from the Polymarket API.
  - Ingestion points: paper_engine.py (lookup_market) and health_check.py (run_health_check).
  - Boundary markers: Absent.
  - Capability inventory: Local SQLite writes and HTTP GET requests to well-known APIs; no OS command execution and no file-system writes outside the application directory.
  - Sanitization: Market questions are truncated for display but not otherwise sanitized.
- [SAFE]: The skill follows security best practices, including regex-based validation of Token IDs and atomic transaction management for its local database.
Audit Metadata