polymarket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and displays live market/event data from Polymarket's public Gamma API (BASE_URL https://gamma-api.polymarket.com and polymarket.com event endpoints as used in scripts/polymarket.py and SKILL.md), which is public/user-driven content that the agent reads and can influence trading decisions—so untrusted third-party content could inject instructions indirectly.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes crypto trading and wallet management functionality: wallet-setup and private-key configuration, commands to place trades (buy/sell, market orders) with a --confirm flag to execute, cancel orders, view positions, and notes that trades execute on Polygon with real USDC and require gas/MATIC. It wraps the Polymarket CLI (which signs/sends on-chain transactions). These are specific crypto/transaction execution capabilities intended to move funds.