web3-polymarket
Warn
Audited by Snyk on Feb 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and subscribe to open/public Polymarket endpoints (e.g., Gamma API https://gamma-api.polymarket.com, Data API https://data-api.polymarket.com, CLOB read endpoints and the public WebSocket wss://ws-subscriptions-clob.polymarket.com) to read market/event data, including user-authored market titles and event text, which the agent is expected to interpret and use to drive trading actions. This exposes the agent to untrusted, user-generated third-party content that can influence its tool use.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Polymarket trading integration on Polygon and contains concrete financial-execution capabilities: deriving API credentials from a wallet private key, initializing trading clients, creating and posting orders (GTC/GTD/FOK/FAK, batch, cancel), bridge operations (deposits/withdrawals/multi-chain), CTF token operations (split/merge/redeem), and gasless relayer transactions. Example code shows use of a PRIVATE_KEY and functions such as createAndPostOrder/create_and_post_order. These are direct crypto/blockchain transaction and market-order APIs intended to move funds or execute trades, so the skill meets the criteria for Direct Financial Execution.
Audit Metadata