polymarket-copytrading

Warn

Audited by Snyk on Apr 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and imports public Polymarket content and whale wallet positions (e.g., via execute_copytrading POST /api/sdk/copytrading/execute which aggregates positions from target wallets and client.import_market("https://polymarket.com/event/{slug}") in run_reactive), so untrusted, user-generated market data from Polymarket/wallets is read and directly drives trade planning and execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly built to execute market orders on Polymarket via the Simmer SDK/API. It includes commands and flags to perform real trades (--live, --rebalance, --whale-exits), describes execution steps ("9. Executes trades via Simmer SDK (respects spending limits)"), exposes API endpoints (https://api.simmer.markets, /api/sdk/portfolio, /api/sdk/positions), and requires a WALLET_PRIVATE_KEY for signing orders. It also documents handling of USDC/USDC.e and real-money constraints (minimums, balances). These are direct crypto/market execution capabilities (sending transactions, signing with a private key, buying/selling positions), not generic tools — therefore this grants Direct Financial Execution Authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 24, 2026, 06:20 AM
  • Issues: 2