polymarket-signal-sniper

Warn

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and parses arbitrary public RSS feeds provided by users (see signal_sniper.py's fetch_rss/validate_url logic and SKILL.md quick-start examples like "Watch this RSS feed: https://news.google.com/rss/..."), and those untrusted third-party articles are presented for the agent (Claude) to analyze and can drive trade decisions, so untrusted content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute real trades on Polymarket. It includes an API base URL and portfolio/positions endpoints, a --live flag to "Execute real trades," example trade flows showing "Execute: BUY YES $25," trade size limits and safeguards, and environment variables controlling max USD per trade. It also references WALLET_PRIVATE_KEY for signing orders and discusses USDC.e on Polygon and swapping tokens — i.e., direct blockchain wallet signing and token management. These are specific payment/trading integrations and transaction-execution capabilities, not generic tooling. Therefore it grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 11, 2026, 01:48 PM
  • Issues: 2