polymarket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and subscribe to public Polymarket endpoints (e.g., Gamma API at https://gamma-api.polymarket.com for events/market "question" text, the Data API, CLOB orderbook at https://clob.polymarket.com, and the market WebSocket wss://ws-subscriptions-clob.polymarket.com/ws/market) and to read/interpret that user-generated market and trade data as part of trading workflows, so untrusted third-party content can materially influence actions like order placement and tick-size handling.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain and exchange actions: it documents authenticated trading clients, demonstrates deriving API credentials from a wallet private key, and shows concrete functions to create and post orders (GTC/GTD/FOK/FAK, batch, cancel). It also includes bridge deposit/withdrawal endpoints, contract addresses, gasless relayer transactions, and signature types (EOA/Proxy/Gnosis Safe). These are specific crypto/blockchain and market-order operations that can move funds or execute trades directly.