polymarket-copytrading
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill requires the
WALLET_PRIVATE_KEYenvironment variable to sign transactions. While this is necessary for the skill's primary function of copytrading, handling raw private keys is inherently high-risk. Because the core logic script (copytrading_trader.py) is missing, it is impossible to verify that the key is not being logged, exposed, or exfiltrated to an unauthorized third party. Per the trust rules, this is downgraded to MEDIUM as it is tied to the primary purpose, but remains the primary risk factor. - COMMAND_EXECUTION (MEDIUM): The documentation extensively references and instructs the agent to execute a script named
copytrading_trader.py. However, this script is not included in the skill package. This creates a 'blind spot' where the agent might attempt to run code that is either missing or expected to be present in the environment, which could lead to unpredictable behavior or execution of unvetted local files. - EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the
simmer-sdkvia pip. This is a third-party dependency. Users should verify the authenticity of this package before installation as it will have access to the provided API keys and wallet private key. - [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the Simmer API (market questions and position details) and user-provided wallet addresses.
- Ingestion points:
scripts/status.pyviaapi_requestand the missingcopytrading_trader.pyvia command line arguments. - Boundary markers: Absent; API data is processed and printed directly.
- Capability inventory: The skill can execute Python scripts and perform network operations to the Simmer API.
- Sanitization: Absent; market strings and API responses are used without escaping or validation.
Audit Metadata