Trust Assessment
polymarket-research received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Exfiltration of sensitive strategy and performance data via Telegram.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Exfiltration of sensitive strategy and performance data via Telegram The skill explicitly instructs the agent to send detailed updates about its paper trading portfolio, active positions, research findings, top opportunities, and strategy notes to an external service (Telegram) unprompted. This constitutes a data exfiltration vector for sensitive operational and strategic information. While the skill states it's 'paper trading', the nature of the data (probabilities, edge, thesis summaries, P&L) is highly sensitive for a trading strategy and could be valuable intellectual property. Implement strict controls over external communication channels. Ensure data sent is anonymized or aggregated to prevent leakage of specific trading strategies or sensitive market insights. Confirm that 'Rick' is an authorized recipient and that the communication channel is secure. Consider if this level of detail is truly necessary for external updates or if a more abstract summary would suffice. | LLM | SKILL.md:201 |
Scan History
Embed Code
[](https://skillshield.io/report/3bfa8a96dfe40d0b)
Powered by SkillShield