Polygon Agent

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires outputting raw, untruncated wallet approval URLs (which include relay request IDs/tokens) and references stored access keys/private keys, so an agent following it may be instructed to include sensitive secret values verbatim in its outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's polygon-discovery section instructs the agent to call x402-pay against public endpoints (e.g., https://x402-api.onrender.com/api/... including article extraction ?url=, Twitter/X lookups, web search and news) and to read/act on those responses, which are arbitrary third‑party/user-generated content that can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch and “load the relevant sub-skill” from external SKILL.md files (e.g. https://agentconnect.polygon.technology/polygon-polymarket/SKILL.md, https://agentconnect.polygon.technology/polygon-defi/SKILL.md, https://agentconnect.polygon.technology/polygon-discovery/SKILL.md), which would directly control agent prompts/instructions and are presented as required dependencies for those workflows.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a crypto on-chain transaction toolkit for Polygon. It exposes wallet creation/import (stores private keys), balance checks, and direct transaction commands: send/send-token/send-native, swap, deposit, withdraw, bridge/fund, and x402-pay (EOA funding and EIP-3009 signed payments). It also documents broadcasting transactions and managing spending/session limits. These are specific crypto/blockchain financial execution capabilities (wallets, signing, token transfers, swaps, deposits/withdrawals), not generic tooling.