polymarket-trade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously fetches and interprets public Polymarket APIs (e.g., scripts/browse.js → Gamma Events API at https://gamma-api.polymarket.com and data-api.polymarket.com via fetchPositions in scripts/balance.js, plus CLOB API endpoints) and uses that untrusted, user-generated market metadata/token IDs/prices to resolve markets and construct orders, so third‑party content can directly influence tool actions (trades) as required by the SKILL.md workflows.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly designed to execute cryptocurrency market operations. It contains concrete, wallet-backed transaction flows: buy and sell flows invoke scripts (trade.js) that "handle approval and order submission", setApprovalForAll, and submit on-chain transactions on Polygon; it can auto-swap POL→USDC.e to fund buys; it derives and uses a non-custodial private key from a WDK vault and requires an RPC URL. The skill's primary purpose is placing market orders on Polymarket (fill-or-kill orders), checking balances, redeeming winnings, and submitting blockchain transactions — i.e., direct crypto financial execution.