aeon-monitor-polymarket

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md shows the agent fetching market data and comment threads from Polymarket (e.g., gamma-api.polymarket.com and clob.polymarket.com) and explicitly extracts user-generated comments as part of alert triggers and signal decisions, so untrusted third-party content can influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly focused on a financial trading platform (Polymarket) and includes specific, execution-related artifacts: Polymarket orderbook endpoints, Bankr-compatible on-chain RPC references, and an explicit "Bankr-ready Submit payload" for "AgenticBets or direct Polymarket interaction." Those elements are not generic (like a browser or HTTP caller) but are explicitly designed to create or submit trades or on-chain transaction payloads for a crypto prediction market. That matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" and "Market Orders (Buying/Selling stocks or assets)" categories in the core rule, so it grants direct financial execution capability.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 01:10 PM
  • Issues: 2