dapp-polymarket
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions require the agent to download and execute an installer via
curl -sSL ... | shfrom the URLhttps://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh. This provides the repository owner with arbitrary command execution on the user's system. - [COMMAND_EXECUTION]: The installer is executed every time the CLI is not found and is checked for updates every 12 hours. This creates a persistent lifecycle for the remote code execution.
- [CREDENTIALS_UNSAFE]: The skill explicitly asks users to store their
EVM_PRIVATE_KEYin a.envfile for trading functions. Combined with the execution of untrusted remote code, this creates a critical risk of private key theft and loss of funds. - [PROMPT_INJECTION]: The skill lacks boundary markers when processing untrusted market data from external prediction market searches.
- Ingestion points:
plugin-store polymarket searchandmarketsresults. - Boundary markers: Absent.
- Capability inventory: Local file access (
.env), network access viaplugin-store, and transaction signing capabilities. - Sanitization: No sanitization of market names or question text is specified before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata