polymarket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Research endpoints (public, no auth)" (e.g., GET /agent/polymarket/public-search, GET /agent/polymarket/events, GET /agent/polymarket/markets and related endpoints) clearly fetch public Polymarket market/event data (user-generated/untrusted content) which the SKILL.md's Research → trade workflow requires the agent to read and use to make trading decisions, so third-party content can influence tool use and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides trading and on-chain transaction endpoints: placing limit orders (POST /agent/polymarket/order), placing market orders (POST /agent/polymarket/order/market), batch orders, cancelling orders, and submitting on-chain USDC.e/CTF approval transactions (POST /agent/polymarket/approvals). It requires EVM wallet delegation and EIP‑712 signing and uses USDC.e on Polygon for trades. These are focused, specific crypto/market execution capabilities (creating/spending tokens, sending transactions, and executing market/batch orders), not generic tools—therefore it grants direct financial execution authority.