polymarket-mert-sniper

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt tells the agent to ask the user for the Simmer API key and the wallet private key and to store them (env vars or config.json) and even shows export commands, which requires the LLM to receive and could output or embed secrets verbatim, creating high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches public market data (including user-written "question" text and resolves_at fields) from the Simmer API (GET /api/sdk/markets) and Polymarket CLOB endpoints (clob.polymarket.com) and directly parses/uses that untrusted, user-generated content to decide which markets to trade and how to act.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute real trades on Polymarket. It requires a wallet private key (WALLET_PRIVATE_KEY) for signing orders, uses the Simmer API (SIMMER_API_KEY), and provides a --live mode that "Execute real trades" and statements like "Execution: Places trade on the favored side, capped at max bet" and "The SDK signs orders automatically" — all indicating direct transaction/asset-moving capability (crypto USDC trading). This meets the crypto/blockchain and payment execution criteria for Direct Financial Execution.