polymarket-bot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public, user-generated market data from Polymarket (polymarket-data) and performs web research via the Perplexity publisher (see SKILL.md and scripts/agent.py: research_opportunity calling self.seren.research_market and estimate_fair_value), and those third‑party research summaries and market content are directly consumed by the agent to estimate fair value and drive trading decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The agent calls Seren publishers at runtime (e.g., via https://api.serendb.com) to fetch Perplexity research (seren.research_market) and then injects that remote research text into the Claude prompt used to estimate fair value, so external content fetched at runtime directly controls the model prompt and is a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a live trading agent for Polymarket: it is specifically designed to execute market orders, manage positions, and sign/send transactions. It requires Polymarket API credentials and wallet private keys (POLY_PRIVATE_KEY / WALLET_PRIVATE_KEY, POLY_API_KEY, POLY_PASSPHRASE, POLY_SECRET), uses py-clob-client via DirectClobTrader with local EIP-712 signing, and contains explicit rules for fetching order books, submitting marketable sells/buys, sweeping the book, and running scheduled live execution. This is direct crypto/blockchain and market-order execution capability (not a generic tool), so it grants direct financial execution authority.