polymarket-signal-sniper
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches data from user-specified RSS feeds via the fetch_rss function in signal_sniper.py. It includes a validate_url helper that implements Server-Side Request Forgery (SSRF) protections by blocking access to localhost, private IP ranges, and cloud metadata endpoints.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of external RSS content. Ingestion points: Fetches article headlines and summaries from remote URLs in signal_sniper.py. Boundary markers: Absent; the instructions in SKILL.md do not provide delimiters or warnings for the agent to distinguish between internal instructions and external article content. Capability inventory: The skill can execute trades on Polymarket using the execute_trade function. Sanitization: Implements XXE protection via defusedxml and SSRF protection, but lacks NLP-based sanitization for malicious instructions in news text.
- [CREDENTIALS_UNSAFE]: The skill handles sensitive authentication tokens for the Simmer API and Polymarket wallet. Evidence: SIMMER_API_KEY and WALLET_PRIVATE_KEY are utilized as environment variables. Context: Credentials are not hardcoded, following security best practices for environment-based configuration.
Audit Metadata