polymarket-trader
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, NO_CODE, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructions define commands that execute a local Python script by interpolating user input directly into a bash shell string. Specifically, the commands 'python3 {baseDir}/scripts/polymarket.py search ""' and 'python3 {baseDir}/scripts/polymarket.py category ' are vulnerable. A malicious user could provide a query such as '"; id; #' to execute arbitrary system commands with the privileges of the agent.
- NO_CODE (MEDIUM): The logic for interacting with the Polymarket API and handling the API keys resides in 'scripts/polymarket.py', which is referenced but not included in the skill package. This prevents verification of how 'UNIFAI_AGENT_API_KEY' and 'GOOGLE_API_KEY' are used and whether the script performs safe network operations.
- INDIRECT_PROMPT_INJECTION (LOW): The skill fetches market data (titles, descriptions) from an external source (Polymarket via UnifAI). This content is untrusted and could contain hidden instructions targeting the LLM.
  - Ingestion points: External data fetched by 'scripts/polymarket.py' and returned to the agent context.
  - Boundary markers: None identified in the instruction markdown.
  - Capability inventory: Display of market data; local script execution.
  - Sanitization: No evidence of sanitization or filtering of API responses before they are presented to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata