moonpay-fund-polymarket

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs a runtime installation command that fetches and immediately executes remote code via "curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh", which directly executes external code and is a required dependency for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly instructs using the MoonPay CLI and Polymarket CLI to move funds and execute trades. It contains concrete commands to buy crypto with fiat (mp buy), perform token bridges/transfers (mp token bridge), and place market orders / buy positions (mp prediction-market position buy, polymarket clob market-order). These are specific financial / crypto execution operations (payment gateway / crypto wallet/market-order actions), not generic tooling, so it grants direct financial execution capability.