market-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's code and SKILL.md show it directly fetches Polymarket data from the public DOME API (https://api.domeapi.io/v1/polymarket/markets via makeRequest in scripts/marketDiscovery.ts and marketDiscovery.js), ingesting user-generated fields like title, description, tags, extra_fields and resolution_source that the skill parses and uses to search, filter, and select markets (e.g., for backtesting), so untrusted third-party content can materially influence agent decisions.