polymarket-wallet-xray
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches data from several external endpoints to perform its analysis:
- Fetches wallet trade history from Polymarket's public data API (
data-api.polymarket.com). - Queries market information from Polymarket's Gamma and CLOB APIs (
gamma-api.polymarket.com,clob.polymarket.com). - Retrieves account and portfolio status from the vendor's API (
api.simmer.markets) inscripts/status.py. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from Polymarket:
- Ingestion points: Market titles and outcome labels are fetched from the Polymarket activity API in
wallet_xray.py. - Boundary markers: The data is returned to the agent in a structured JSON format which provides implicit boundaries, but no explicit 'ignore instructions' markers are used within the text fields.
- Capability inventory: The skill itself does not perform dangerous operations (like file writes or command execution) based on the fetched data; it primarily computes statistical metrics.
- Sanitization: Market titles are retrieved and passed through to the analysis output without sanitization or escaping, which could allow a malicious market name to influence the agent's subsequent reasoning.
Audit Metadata