polymarket-ai-divergence
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill declares a dependency on
simmer-sdkvia pip. This is a legitimate requirement for interacting with the specified Simmer service. - DATA_EXFILTRATION (SAFE): The scripts communicate exclusively with the service domain (
api.simmer.markets). There is no evidence of local sensitive file access (e.g., SSH keys or AWS credentials) or data being sent to untrusted third-party servers. - CREDENTIALS_UNSAFE (SAFE): Authentication is handled correctly through the
SIMMER_API_KEYenvironment variable. No hardcoded secrets or API keys are present in the source code. - COMMAND_EXECUTION (SAFE): The Python scripts (
ai_divergence.pyandscripts/status.py) use standard argument parsing for configuration and filtering. There are no calls toos.system,subprocess.run, orevalwith untrusted data. - PROMPT_INJECTION (SAFE): The instructions in
SKILL.mdare purely descriptive and do not contain patterns designed to override agent behavior or bypass safety filters. - DATA_INGESTION (SAFE): While the skill processes external market data, it acts as a passive scanner. It lacks the complex command execution or write capabilities that would make it a high-risk surface for indirect prompt injection.
Audit Metadata