user-activity
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted data from an external source that could be manipulated to influence the agent's behavior or reasoning output.
  - Ingestion points: Market titles, event slugs, and trade descriptions are pulled from the https://data-api.polymarket.com API.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the fetched market data.
  - Capability inventory: The skill executes a Python script and can write files to the local disk via the --output parameter.
  - Sanitization: Absent. The markdown does not indicate any sanitization or filtering of the external API content before it is processed for analysis.
- Data Exposure & Exfiltration (LOW): The skill has the capability to write data to local file paths (e.g., data/trades.csv). While this is a functional requirement, it creates a mechanism for local file creation using untrusted external data.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill executes scripts/polymarket-user-activity.py. Although the script is referenced as a local file, its contents are not provided for analysis, and it performs network operations to an untrusted external domain.
Audit Metadata