polymarket
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation in README.md and SKILL.md encourages users to install the Polymarket CLI via 'curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh'. This pattern of piping remote scripts directly into a shell is a critical risk when the source repository is not explicitly trusted.
- [COMMAND_EXECUTION]: The script 'scripts/polymarket.py' executes external binaries using 'subprocess.run' and 'os.execvp'. Specifically, it calls the 'polymarket' CLI for trading and wallet operations, allowing for the execution of arbitrary commands if the binary is compromised or path-hijacked.
- [CREDENTIALS_UNSAFE]: The skill explicitly references and manages a sensitive configuration file at '~/.config/polymarket/config.json' which stores the user's private keys. The 'cmd_wallet_show' and 'cmd_wallet_setup' functions interact with this sensitive data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Market titles, descriptions, and event data are fetched from 'https://gamma-api.polymarket.com' in 'scripts/polymarket.py'.
  - Boundary markers: No boundary markers or 'ignore' instructions are used when displaying external content to the agent.
  - Capability inventory: The agent has the ability to execute terminal commands via 'subprocess.run' and 'os.execvp' through the provided script functions.
  - Sanitization: External data is printed directly to the console without sanitization, allowing malicious market data to potentially influence agent behavior.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats