Polymarket Latest Events

Security checks across malware telemetry and agentic risk

Overview

This skill only tells an agent to fetch public Polymarket event data and does not ask for local files, credentials, persistence, or account control.

This appears safe to install if you want quick public Polymarket event lookups. Be aware that it may activate on broad prediction-market or betting-odds questions, so users should clarify when they mean Polymarket versus another platform. Results depend on Polymarket's public API and should not be treated as financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Low

Confidence: 89% confidence
Finding: The skill's trigger conditions are broad enough to activate on generic prediction-market or betting-related requests, not just explicit Polymarket queries. This can cause the agent to inappropriately route users into this skill, returning Polymarket-specific data when the user may have intended another platform or a more general discussion, which is a scope-control and reliability issue rather than a direct code-execution risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal