openfin-polymarket

Warn

Audited by Snyk on May 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests public Polymarket data (e.g., GET /agent/polymarket/public-search, /events, /markets, /trades, /orderbook) and the SKILL.md "Research → trade workflow" requires the agent to read and act on that user-generated/open-market content to make trading decisions, so untrusted third-party content can materially influence tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for Polymarket and includes endpoints that perform real financial actions: placing limit and market orders (POST /agent/polymarket/order, /order/market, /orders), submitting on-chain approvals (POST /agent/polymarket/approvals), and cancelling orders. It references on-chain deposit wallets, pUSD (a token contract), EIP-712 signing, gas-paying transactions, and returns tx hashes. These are specific crypto/blockchain financial execution capabilities (sending transactions, moving/approving collateral, executing market orders), not generic tooling — so it grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 5, 2026, 03:21 AM
Issues: 2