polymarket-weather-trader

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to ask the user for their Simmer API key and wallet private key (and even shows an export command), which requires soliciting/handling highly sensitive secrets and creates exfiltration risk if the LLM receives or echoes them.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime logic (weather_trader.py — e.g., discover_and_import_weather_markets, fetch_weather_markets and the main loop) fetches and imports Polymarket market data (market/question/outcome_name from https://polymarket.com via the Simmer API) and reads NOAA forecasts (api.weather.gov), parses user-generated market text (event_name/outcome_name) and uses those parsed values to decide and execute trades, so third-party market content can directly influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute trades and move funds. It instructs the user to provide a WALLET_PRIVATE_KEY (used to sign orders client-side), uses the Simmer API (base URL and SDK endpoints) to discover markets and portfolio data, and includes commands and flags to execute real trades (e.g., python weather_trader.py --live, buy/sell entry and exit logic). It implements smart sizing based on USDC balance, caps positions, and explicitly performs BUY and SELL actions with safeguards. It also references USDC.e on Polygon and signing orders — i.e., direct crypto wallet transaction capability. These are specific, purpose-built financial/market-order functions (not generic automation), so this skill grants Direct Financial Execution Authority.