polybaskets-overview
Warn
Audited by Snyk on May 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read live Polymarket data via the Gamma API (see "Search Polymarket — find interesting active markets via the Gamma API") and to use final outcomes from Polymarket for settlements, meaning untrusted public market content is ingested and directly affects betting, index calculation, and settlement decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly describes on-chain financial actions and named contract functions that enable moving tokens: claiming CHIP via BetToken/Claim, approving CHIP spend for BetLane, creating a basket on-chain (submitting to BasketMarket), placing bets (getting a signed quote and placing a transaction), finalizing settlement, and claiming payouts. These are concrete crypto/blockchain transaction operations (token claims, approvals, bets, settlements) rather than generic descriptions, so the skill provides explicit capability to execute financial transactions.