polymarket

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes a code example that requires embedding API key, secret, and passphrase directly in the subscription object (clob_auth), which would require the LLM to handle and output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Real-Time Data Client (SKILL.md and references/README.md) explicitly subscribes to public WebSocket topics such as "comments" and "activity" (user comments, reactions, trades) and processes inbound payloads via onMessage, which means it ingests untrusted, user-generated third‑party content that can influence decisions or follow‑up actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly centered on a financial trading platform (Polymarket). It documents a Trading API (REST & WebSocket), "Implementing trading strategies", "trading.md", and user portfolio management. It exposes authenticated user channels (clob_user) for orders and trade executions and shows an auth scheme requiring API key/secret/passphrase. Those elements are specific to placing and managing market orders and interacting with trading endpoints — i.e., direct financial execution capability.