polymarket-elon-tweets

Fail

Audited by Snyk on Apr 7, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask for the Simmer API key and the wallet private key and shows commands (e.g., export WALLET_PRIVATE_KEY=0x<...>) that would require the user to paste secrets, meaning the LLM would handle and potentially echo secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill fetches and parses untrusted public content (XTracker API calls at https://xtracker.polymarket.com/api in get_xtracker_trackings / get_xtracker_stats and Polymarket event pages via import_event / constructed https://polymarket.com/event/... URLs) and directly uses those third-party titles/stats to choose markets and drive trading actions, so external/user-generated content can materially influence tool use and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading bot for Polymarket using the Simmer SDK. It requests a Simmer API key and the user's wallet private key, states the SDK signs orders client-side, provides API endpoints and commands to execute live trades (buy/sell buckets), and includes configuration for position sizing, slippage, and automated execution/cron. These are specific tools/functions to move funds and place market orders (direct financial execution).

Issues (3)

  W007  HIGH    Insecure credential handling detected in skill instructions.
  W011  MEDIUM  Third-party content exposure detected (indirect prompt injection risk).
  W009  MEDIUM  Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  Risk Level: HIGH
  Analyzed: Apr 7, 2026, 11:49 PM
  Issues: 3