polymarket-agent-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests live market and user-event data from Polymarket's public APIs and WebSocket streams (e.g., clob.polymarket.com, the Gamma/Data APIs, and WebSocket channels) as described in SKILL_SUMMARY.md and SUMMARY.md, and that untrusted third-party content is read by the agent and used to drive trading/ordering decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets a prediction-market platform and lists trading, cross-chain bridge, and gasless transactions. "Trading" and "cross-chain bridge" imply placing market orders and moving crypto across chains; "gasless transactions" implies sending/sponsoring blockchain transactions. These are specific financial execution capabilities (crypto trading and transaction execution), not generic tooling.