polymarket-mert-sniper
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of 'simmer-sdk' via pip. This is an external package from a source not recognized as a trusted vendor in the author context.
- [DATA_EXFILTRATION]: The skill makes network requests to 'api.simmer.markets' and 'clob.polymarket.com' for market data and trade execution. These communications target domains outside of the standard whitelisted services.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of external data.
- Ingestion points: Market titles and questions are retrieved from external APIs in 'mert_sniper.py'.
- Boundary markers: There are no markers or delimiters used to separate untrusted data from processing logic.
- Capability inventory: The skill possesses the ability to execute trades and manage positions through its integrated client.
- Sanitization: No validation or sanitization is performed on market-related strings before they are utilized.
Audit Metadata