polymarket
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's code and SKILL.md explicitly fetch and parse public Polymarket data from the Gamma API (https://gamma-api.polymarket.com) in scripts/polymarket.py. That user-generated market/event content is read and used to inform searches, summaries and potential trading decisions, so untrusted third-party content could indirectly influence agent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency financial operations on Polymarket. It provides wallet setup and storage of a private key, wallet-balance and wallet-show commands, and concrete trading commands (buy/sell limit and market orders, amount/size, cancel orders, cancel all) that execute on-chain on Polygon using real USDC and require signing. It wraps the Polymarket CLI and gives instructions on private key configuration and on-chain gas requirements. These are specific tools/functions to move money (create and send market and limit orders, cancel orders, manage positions and balances), including crypto wallet management and transaction signing, so the skill grants direct financial execution capability.