polymarket-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches market data from external Polymarket services (Polymarket CLOB API, Gamma API, and Data API) via commands like list-markets and get-market, and SKILL.md requires the agent to read and act on those API-sourced fields (e.g., Pre-sell Liquidity Check and order construction), so untrusted third-party content can influence trading decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight steps fetch and run remote install scripts and binaries at runtime (e.g. curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh and curl -fsSL https://raw.githubusercontent.com/okx/plugin-store/main/scripts/launcher.sh … plus the plugin binary from https://github.com/okx/plugin-store/releases/download/plugins/polymarket-plugin@0.4.10/...), so external content is executed during runtime and is a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading plugin for Polymarket on Polygon and includes direct financial execution commands: buy, sell (market and limit orders), deposit, withdraw, redeem, setup-proxy, cancel, and balance checks. It performs on-chain operations (EIP‑712 signing via onchainos, USDC.e approvals, contract calls, proxy wallet deployment), handles USDC.e transfers/bridging, and broadcasts transactions. This is a purpose-built crypto trading/payment capability (market orders and wallet operations), not a generic tool. Therefore it grants direct financial execution authority.