polymarket
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference and download assets from the official Polymarket GitHub repository (github.com/Polymarket).
- [REMOTE_CODE_EXECUTION]: The recommended installation method for the required CLI utility involves fetching a shell script from the project's official GitHub repository and executing it directly via a pipe to the system shell.
- [COMMAND_EXECUTION]: The Python script scripts/polymarket.py utilizes the subprocess.run and os.execvp functions to execute the local polymarket binary for facilitating trades and managing wallet operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of external market data.
  - Ingestion points: Market questions, event titles, and descriptions are fetched from the Gamma API (https://gamma-api.polymarket.com) in scripts/polymarket.py.
  - Boundary markers: Market data is presented to the agent without boundary markers or specific isolation instructions to prevent the execution of embedded commands.
  - Capability inventory: The skill has the capability to execute buy/sell orders and perform financial transactions through its CLI wrapper.
  - Sanitization: No evidence of sanitization or filtering was found for the strings retrieved from the external API before they are processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh - DO NOT USE without thorough review
Audit Metadata