polymarket
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Installation scripts download and execute shell scripts from vendor-controlled GitHub repositories.
- [EXTERNAL_DOWNLOADS]: Platform-specific binaries are retrieved from official releases on the vendor's GitHub organization.
- [DATA_EXFILTRATION]: Telemetry data, including hashed system metadata such as hostname and home path, is sent to the vendor's endpoints during installation for usage tracking.
- [COMMAND_EXECUTION]: The skill invokes the onchainos CLI for core cryptographic operations and blockchain interactions on the Polygon network.
- [PROMPT_INJECTION]: The skill processes external market data from Polymarket APIs. To mitigate indirect prompt injection, it implements a sanitization module that removes control characters and truncates strings. Data ingestion occurs in src/api.rs, and capabilities include subprocess calls to the onchainos CLI and file system operations.