polymarket
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns detected that attempt to override agent instructions or bypass safety filters. The language is purely instructional and focused on API integration.
- [Data Exposure & Exfiltration] (SAFE): While the skill discusses sensitive credentials (Private Keys, API Keys), it explicitly warns against hardcoding them and provides standard environment variable placeholders. No commands to exfiltrate data were found.
- [Indirect Prompt Injection] (LOW): The skill interacts with external, untrusted data via the Polymarket Gamma and CLOB APIs.
  1. Ingestion points: Market titles, event descriptions, and orderbook data fetched from polymarket.com subdomains.
  2. Boundary markers: Not defined in this documentation.
  3. Capability inventory: Includes market discovery, order placement, and position management.
  4. Sanitization: Not mentioned in the README.
  This represents a standard surface for indirect injection if market metadata contains malicious prompts.
- [External Downloads] (SAFE): The documentation links to official SDKs on GitHub (Polymarket organization). No automated installation scripts or piped remote execution patterns are present.
Audit Metadata