polymarket-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill routinely fetches and ingests live market data and text fields (market titles, descriptions, outcomes) from public Polymarket APIs (CLOB API, Gamma API, Data API) as part of required workflows like list-markets/get-market and the Pre-sell Liquidity Check, so untrusted, user-generated content directly informs trading decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight scripts download and execute remote installers at runtime (e.g. curl ... "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" which is later run with sh, and it also fetches/executes "https://raw.githubusercontent.com/okx/plugin-store/main/scripts/launcher.sh"), so remote code is fetched and executed as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides crypto and market-order capabilities: it supports buy/sell market orders, cancel/orders/rfq, deploy and manage a proxy wallet, deposit/withdraw USDC.e (and pUSD) on Polygon, auto-wrap USDC.e→pUSD, run on-chain approvals (approve, setApprovalForAll), sign EIP‑712 orders via onchainos, and submit on-chain transactions (contract-call, redeem). These are specific, purpose-built financial execution actions on blockchain markets (trading and moving funds), so it grants direct financial execution authority.