Skills
skills/mjunaidca/polymarket-skills/polymarket-strategy-advisor/Snyk

polymarket-strategy-advisor

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's core workflow (SKILL.md and scripts/advisor.py) explicitly fetches live market and orderbook data from public third‑party APIs (e.g., https://gamma-api.polymarket.com in fetch_markets and https://clob.polymarket.com in fetch_orderbook) and the strategy docs also instruct monitoring open news sources (RSS/Twitter/news APIs); that externally‑sourced, untrusted content is parsed and directly drives the agent's trade classification, sizing, and execution decisions, creating a clear avenue for indirect prompt injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 02:20 PM