polymarket-mert-sniper

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt tells the agent to ask the user for the Simmer API key and the wallet private key and to store them (env vars or config.json) and even shows export commands, which requires the LLM to receive and could output or embed secrets verbatim, creating high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches market and context data from the public Simmer/Polymarket API (e.g., GET /api/sdk/markets via get_client/_request and get_market_context in mert_sniper.py, and scripts/status.py calling https://api.simmer.markets), and it reads user-generated market questions/metadata and uses that data to decide and execute trades—so untrusted third-party content directly influences actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute real trades on Polymarket. It requires a wallet private key (WALLET_PRIVATE_KEY) for signing orders, uses the Simmer API (SIMMER_API_KEY), and provides a --live mode that "Execute real trades" and statements like "Execution: Places trade on the favored side, capped at max bet" and "The SDK signs orders automatically" — all indicating direct transaction/asset-moving capability (crypto USDC trading). This meets the crypto/blockchain and payment execution criteria for Direct Financial Execution.