polymarket-mcp-server

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation guide explicitly suggests executing a remote script directly using the curl ... | bash pattern. This is a critical vulnerability when the script originates from an unverified personal repository, as it allows for the execution of arbitrary code with user privileges without a review stage.
  • [COMMAND_EXECUTION]: The skill instructs the user to run multiple local shell scripts (quickstart.sh, install.sh, start_web_dashboard.sh) and use git clone. These actions provide several entry points for malicious command execution or the introduction of unverified logic into the user's environment.
  • [DATA_EXFILTRATION]: The skill's core functionality requires the use of highly sensitive credentials, specifically the POLYGON_PRIVATE_KEY. Given that the skill includes 45 tools with extensive network capabilities (API access and WebSocket monitoring), there is a significant risk that these credentials could be exfiltrated if the underlying code is compromised.
  • [PROMPT_INJECTION]: The skill contains a vulnerability to indirect prompt injection, particularly through tools like smart_trade and analyze_market_opportunity.
      • Ingestion points: Market data, including question text and descriptions, is ingested from the external Polymarket API via tools such as search_markets and get_trending_markets.
      • Boundary markers: None are present to distinguish between trusted instructions and untrusted data from the markets.
      • Capability inventory: The agent has access to financial trading tools (place_limit_order, place_market_order) and network communication.
      • Sanitization: No evidence of input validation or sanitization of strings retrieved from market data before they are used to influence trading strategies.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/caiovicentino/polymarket-mcp-server/main/quickstart.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: May 18, 2026, 12:43 AM