Skills
skills/spartanlabsxyz/simmer-sdk/polymarket-signal-sniper/Gen Agent Trust Hub

polymarket-signal-sniper

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external, user-defined RSS feeds in signal_sniper.py using urllib.request.urlopen. It implements a validate_url function to mitigate Server-Side Request Forgery (SSRF) by blocking localhost and private IP ranges.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted article headlines and summaries to determine trading actions.
  • Ingestion points: Untrusted text enters the system through the fetch_rss function in signal_sniper.py which retrieves data from external URLs.
  • Boundary markers: The skill does not use specific delimiters or instructions to prevent the agent from obeying instructions potentially hidden within the RSS feed content.
  • Capability inventory: The skill possesses high-impact capabilities, including the ability to execute financial trades (execute_trade) and redeem wallet balances.
  • Sanitization: While the script uses keyword-based sentiment analysis (_count_keyword_hits), the AI agent is instructed in SKILL.md to analyze the article content directly, which creates an opening for adversarial text to influence the agent's logic and trade execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 7, 2026, 11:49 PM