polymarket-weather-trader
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill makes network requests to api.weather.gov (NOAA), api.open-meteo.com, and api.simmer.markets to retrieve weather forecasts and market information. These requests are essential for the skill's primary functionality and target well-known or vendor-specific services.
- [SAFE]: Sensitive credentials, such as the SIMMER_API_KEY and WALLET_PRIVATE_KEY, are managed using environment variables. The skill instructions properly guide the user to store these secrets securely and avoid hardcoding them, aligning with standard security practices.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes market event names and weather forecasts from external APIs to trigger trading decisions.
  - Ingestion points: Market descriptions from the Simmer API and weather data from NOAA and Open-Meteo are fetched and parsed in weather_trader.py.
  - Boundary markers: No boundary markers or "ignore instructions" warnings are applied to the external data strings before processing.
  - Capability inventory: The skill can execute financial transactions (trades and sells) on Polymarket using the provided wallet credentials.
  - Sanitization: The skill employs restrictive regular expression parsing in parse_weather_event and parse_temperature_bucket to validate that external data matches expected temperature and date formats, which mitigates the risk of processing arbitrary instruction payloads.