polymarket-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly requires using web_search and the Web Fetch capability to ingest and summarize open web content (news articles, Twitter/X, Reddit posts, and arbitrary URLs) and then uses those findings to compute edges and drive trading decisions, so the agent will read untrusted third‑party/user‑generated content that can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading agent for Polymarket and includes CLI commands that directly execute financial transactions: it requires wallet setup ("poly setup / Configure your wallet"), exposes balance and positions ("poly balance", "poly positions"), and provides explicit order execution commands ("poly buy <TOKEN_ID> --yes", "poly sell <TOKEN_ID> --yes") and autonomous execution when configured. These are specific tools/functions to move money (place market orders and manage crypto/USDC wallet), not generic automation, so it grants direct financial execution authority.