@1368/polymarket-trade
Warn
Audited by Snyk on Mar 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches market/event data and user-generated market descriptions from public Polymarket endpoints (e.g., GAMMA and CLOB API calls in scripts/poly_research.py and scripts/poly_client.py, and the SKILL.md "Workflow: Link → Bet", which instructs reading resolution criteria and web_search) and uses that content to drive research, suggested bets, and order preparation, so untrusted third-party content can materially influence agent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute financial operations on Polymarket using an on-chain Polygon wallet. It includes steps to fund the wallet with USDC, approve token allowances, sign EIP-712 orders, call eth_sendTransaction/wallet_transfer, create API keys, post signed orders to the Polymarket CLOB, place/cancel market orders, and check balances/positions. These are direct crypto/blockchain financial actions (wallet signing, token approvals, submitting trades), not generic tooling. The presence of specific contract addresses, the USDC token, EIP-712 signing, and order-posting APIs indicates direct financial execution capability.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata