polymarket-signal-sniper
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches RSS feed content from user-specified external URLs using the urllib module in signal_sniper.py.
- [EXTERNAL_DOWNLOADS]: The skill declares a dependency on the simmer-sdk package in clawhub.json.
- [DATA_EXFILTRATION]: The skill communicates with the vendor API at api.simmer.markets to retrieve account data and process trade requests.
- [PROMPT_INJECTION]: The skill processes untrusted RSS article data which could be manipulated to influence the sentiment analysis and trigger unintended trades.
- Ingestion points: RSS feed data is parsed and analyzed in signal_sniper.py.
- Boundary markers: No delimiters are present to isolate article text from processing logic.
- Capability inventory: The skill can execute financial trades via the execute_trade function.
- Sanitization: Uses keyword matching for sentiment scoring but lacks content validation.
Audit Metadata