polymarket-mert-sniper

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill's setup instructions in SKILL.md explicitly require the user to store their Polymarket wallet private key in an environment variable named WALLET_PRIVATE_KEY. This is a dangerous practice, as environment variables are often logged or accessible to other processes in the same environment, potentially leading to total loss of funds.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the simmer-sdk Python package via pip. This is an external dependency from a non-trusted source which has the capability to execute code on the host system.
  • DATA_EXPOSURE (LOW): The scripts and documentation indicate the skill sends account data and API keys to api.simmer.markets. While this is necessary for the skill's function, it exposes portfolio information to a third-party service.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes external market data (questions and descriptions) from the Polymarket API via Simmer. This untrusted data is interpolated into the agent's context without clear boundary markers or sanitization, creating a surface for potential injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 19, 2026, 12:37 PM