polymarket-maker-rebate-bot

Warn

Audited by Snyk on Apr 9, 2026

Risk Level: MEDIUM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The agent code (scripts/agent.py) and SKILL.md explicitly fetch live market/history data from external publisher APIs (e.g., https://api.serendb.com/publishers/polymarket-data/markets and https://clob.polymarket.com/prices-history) and Seren Predictions endpoints, and it directly reads and acts on that third-party response data to build quotes, backtests, and live trading decisions, so untrusted external content can materially influence the agent's behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Polymarket market-making/trading bot with built-in live execution. It requires and uses trading credentials (POLY_PRIVATE_KEY / WALLET_PRIVATE_KEY for EIP-712 signing, POLY_API_KEY / POLY_PASSPHRASE / POLY_SECRET), calls a canonical live executor (py-clob-client / DirectClobTrader), and contains commands and rules to submit marketable sells/buys, unwind positions, and execute orders on the CLOB API. These are specific mechanisms to sign and send market orders (i.e., move money/crypto), not generic tooling. Therefore it grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 12:50 PM
Issues: 2