polymarket-analysis

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts to perform market analysis and fetch user profile data. Evidence: References scripts such as scripts/monitor-polymarket-market.py and scripts/fetch-polymarket-user-profile.py.
  • [COMMAND_EXECUTION]: The skill facilitates automated, persistent monitoring of market data. Evidence: Mentions references/market-monitoring-setup.md for establishing 24/7 market monitoring using cron jobs.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves market data from official Polymarket API endpoints. Evidence: Interacts with gamma-api.polymarket.com, data-api.polymarket.com, and clob.polymarket.com. These are recognized as legitimate services for the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill processes untrusted external inputs and API responses, making it vulnerable to indirect prompt injection. Evidence:
      1. Ingestion points: Market slugs, wallet addresses, and data returned from Polymarket APIs.
      2. Boundary markers: No delimiters or specific instructions to ignore embedded commands are present in the markdown.
      3. Capability inventory: The skill executes subprocesses (scripts) and performs network operations.
      4. Sanitization: The provided file does not include details on data validation or sanitization mechanisms.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 04:20 PM