polymarket-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill implements read-only data retrieval from official Polymarket API endpoints (gamma-api.polymarket.com and clob.polymarket.com).
- [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface by processing user-generated market descriptions from Polymarket. However, this is addressed through developer warnings and sanitization.
- Ingestion points: Market metadata fetched in scripts/scan_markets.py from the Gamma API.
- Boundary markers: SKILL.md contains an explicit warning to treat market names as untrusted data.
- Capability inventory: The scripts are limited to data fetching and printing JSON to standard output. They lack dangerous capabilities like file writing or subprocess execution based on the fetched data.
- Sanitization: scripts/scan_markets.py includes a sanitize_text function that strips control characters and limits the length of external content.
Audit Metadata