polymarket-fast-loop
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The SKILL.md documentation explicitly directs the user to store their Polymarket wallet private key in an environment variable (
export WALLET_PRIVATE_KEY=...). This is an extremely unsafe practice for AI agents, as environment variables are often accessible to all processes in the shell session and can be easily exfiltrated by a compromised agent or via simple prompt injection. - COMMAND_EXECUTION (HIGH): The skill provides specific instructions to set up persistence through
cronjobs (e.g.,*/5 * * * * cd /path/to/skill && python fastloop_trader.py). This establishes a permanent, recurring execution mechanism on the host system that operates without human intervention. - Audit Gap (MEDIUM): The core execution logic,
fastloop_trader.py, is missing from the skill files. As this script handles the private key, signs transactions, and communicates with external APIs, its absence prevents a full audit for backdoors, hidden exfiltration logic, or malicious network behavior. - Indirect Prompt Injection (LOW): The skill has a high surface for indirect injection (Category 8) as it processes data from external market APIs. Evidence: 1. Ingestion: Polymarket Gamma API and Binance price feeds. 2. Boundaries: No delimiters or sanitization mentioned. 3. Capabilities: Financial trade execution and network requests. 4. Sanitization: Not documented.
Recommendations
- AI detected serious security threats
Audit Metadata