polymarket
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a functional Python script
scripts/polymarket.pydesigned to be executed by the agent to query market data, orderbooks, and price history. - [EXTERNAL_DOWNLOADS]: The skill performs legitimate network requests to Polymarket's official subdomains (
gamma-api.polymarket.com,clob.polymarket.com, anddata-api.polymarket.com) to retrieve market information. These operations are read-only and consistent with the skill's stated purpose. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes and displays untrusted content (market questions, event titles, and descriptions) retrieved from external APIs.
- Ingestion points: External data enters the context via API responses processed in
scripts/polymarket.py(e.g., incmd_search,cmd_trending, andcmd_marketfunctions). - Boundary markers: Absent. The skill does not implement delimiters or 'ignore' instructions for data processed from the APIs.
- Capability inventory: The script is limited to performing network GET requests and printing results to standard output; it does not have file system write access or the ability to spawn subprocesses.
- Sanitization: No sanitization or escaping is applied to the retrieved strings before they are presented to the agent's context.
Audit Metadata