polymarket-weather-trader

Fail

Audited by Snyk on Mar 11, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to ask the user for their Simmer API key and wallet private key (and even shows an export command), which requires soliciting/handling highly sensitive secrets and creates exfiltration risk if the LLM receives or echoes them.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill programmatically fetches NOAA forecasts from https://api.weather.gov and discovers/imports and parses Polymarket market data (via the Simmer API and discover_and_import_weather_markets / parse_weather_event / parse_temperature_bucket code), and it uses that untrusted, user-generated market text and prices to make trading decisions and execute trades, so third-party content is read and directly drives agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute trades and move funds. It instructs the user to provide a WALLET_PRIVATE_KEY (used to sign orders client-side), uses the Simmer API (base URL and SDK endpoints) to discover markets and portfolio data, and includes commands and flags to execute real trades (e.g., python weather_trader.py --live, buy/sell entry and exit logic). It implements smart sizing based on USDC balance, caps positions, and explicitly performs BUY and SELL actions with safeguards. It also references USDC.e on Polygon and signing orders — i.e., direct crypto wallet transaction capability. These are specific, purpose-built financial/market-order functions (not generic automation), so this skill grants Direct Financial Execution Authority.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 11, 2026, 01:48 PM
Issues: 3