polymarket-strategy-advisor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides a legitimate and disciplined framework for prediction market analysis and paper trading. It implements well-known financial principles and strict risk management rules to guide agent behavior.
- [EXTERNAL_DOWNLOADS]: The scripts advisor.py and backtest.py connect to the official Polymarket API (gamma-api.polymarket.com) and CLOB API (clob.polymarket.com) to retrieve market metadata, volume, and orderbook prices. These are well-known technology services required for the skill's primary functionality.
- [COMMAND_EXECUTION]: The skill includes executable Python scripts to automate market scanning and portfolio management. These scripts interact with a local SQLite database (~/.polymarket-paper/portfolio.db) to maintain trade history and account state.
- [DATA_EXFILTRATION]: Analysis confirmed no unauthorized access to sensitive local files (e.g., SSH keys, credentials) or transmission of user data to untrusted external domains.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists where the skill retrieves market titles and questions from Polymarket APIs. These strings are not sanitized, but the risk is mitigated by the skill's rigid instructional methodology, which prioritizes numerical analysis over processed text.
Audit Metadata