polymarket-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches market data and trade information from Polymarket's Gamma and CLOB APIs (gamma-api.polymarket.com and clob.polymarket.com).
- [EXTERNAL_DOWNLOADS]: The script communicates with skillpay.me to manage user billing, check balances, and process micro-transactions.
- [DATA_EXFILTRATION]: User-provided API keys and user identifiers are sent to the skillpay.me endpoint for authentication and billing purposes.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Market titles and metadata are retrieved from external Polymarket APIs in scripts/track_volume.py.
  - Boundary markers: The output lacks markers to isolate untrusted external content.
  - Capability inventory: No high-risk system capabilities are present in the script.
  - Sanitization: Market data is displayed directly without filtering or sanitization, which could allow malicious market names to influence agent behavior.