polymarket-ai-divergence

Warn

Audited by Snyk on Mar 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill fetches market data from Simmer's public API (get_markets() calls GET /api/sdk/markets/opportunities and scripts/status.py calls /api/sdk/markets) which includes external_price_yes values imported from public venues like Polymarket/Kalshi — that untrusted, user-generated public market content is directly read and used by run_divergence_trades() to decide sides, sizing, and to execute trades.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading bot for prediction markets (Polymarket/Kalshi). It describes scanning for edges, sizing bets (Kelly, max_bet_usd, kelly_cap, daily_budget), and — crucially — executing trades ("Executes trades on the mispriced side", "Scan + execute trades", CLI --live). The API surface includes a trade execution endpoint (POST /api/sdk/trade — Trade execution via SDK client) and position/portfolio endpoints. These are specific, purpose-built financial operations that send orders and move funds/positions, not generic tooling. Therefore it grants direct financial execution authority.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 06:40 PM
Issues: 2