polymarket-elon-tweets
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires the user to store a
WALLET_PRIVATE_KEYfor a Polymarket wallet (holding USDC) in the environment. Storing plaintext private keys in environment variables is a high-risk security practice, as they can be exposed through process listings, logs, or environment dumps. - [DATA_EXFILTRATION]: The skill accesses highly sensitive credentials (
WALLET_PRIVATE_KEYandSIMMER_API_KEY) from the environment. While the code indicates these are used for local transaction signing and API authentication with simmer.markets, the presence of these secrets in the environment makes the execution context a high-value target for exfiltration. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted data from external APIs to drive financial trading decisions.
- Ingestion points: Real-time tweet tracking data from
xtracker.polymarket.comand market data fromapi.simmer.marketsare fetched and processed inelon_tweets.py. - Boundary markers: Absent. The skill does not use delimiters or instructions to ignore potential commands embedded in the external API responses.
- Capability inventory: The skill can execute network-based financial trades (write) and modify the local file system by logging state to
state/failed_trades.json(write). - Sanitization: Absent. The skill uses raw JSON data from external sources to calculate trade parameters without validating the input against adversarial manipulation.
Recommendations
- AI detected serious security threats
Audit Metadata