web3-polymarket
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEDATA_EXFILTRATION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill initiates network requests to external Polymarket-specific domains (clob.polymarket.com, gamma-api.polymarket.com, etc.) and Goldsky subgraphs. These are legitimate for the skill's purpose but are not on the predefined global whitelist.
- Indirect Prompt Injection (LOW): The skill processes untrusted market data which could be manipulated to influence agent behavior. 1. Ingestion points: Gamma API, Data API, and WebSocket channels in market-data.md and websocket.md. 2. Boundary markers: No delimiters or instruction-bypass warnings are present in the provided code snippets. 3. Capability inventory: High; the skill includes functions for placing orders, managing positions, and bridging assets across chains. 4. Sanitization: No explicit sanitization or validation of the fetched market data is demonstrated in the examples.
Audit Metadata