polymarket-mert-sniper

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs the agent to request the Simmer API key and the user's wallet private key (including examples showing export of the private key), meaning the LLM would be asked to collect and thus handle sensitive secrets in its context even though env-var placeholders are used for execution — this creates a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's runtime (mert_sniper.py and SKILL.md) fetches and parses market questions, probabilities, and order-book data from third-party endpoints (Simmer API at https://api.simmer.markets and Polymarket CLOB at https://clob.polymarket.com via fetch_markets, fetch_live_midpoint, fetch_orderbook_summary, and get_market_context) and directly uses that untrusted, user-generated content to decide and execute trades, so external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute real trades on Polymarket. It requires a wallet private key (WALLET_PRIVATE_KEY) for signing orders, uses the Simmer API (SIMMER_API_KEY), and provides a --live mode that "Execute real trades" and statements like "Execution: Places trade on the favored side, capped at max bet" and "The SDK signs orders automatically" — all indicating direct transaction/asset-moving capability (crypto USDC trading). This meets the crypto/blockchain and payment execution criteria for Direct Financial Execution.