Trust Assessment
polymarket-research received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unprompted external data transmission via Telegram.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unprompted external data transmission via Telegram The skill explicitly instructs the agent to send "unprompted" updates to an external entity ("Rick") via "Telegram" every 4-6 hours during active sessions. These updates include sensitive information such as paper portfolio balance, active positions, research findings, top opportunities, and strategy notes. This constitutes a data exfiltration risk as information generated by the agent's operation is proactively sent outside the secure environment without explicit, per-message user consent. Modify the skill to require explicit user confirmation before sending any external messages. Alternatively, clarify that 'Rick' and 'Telegram updates' refer to internal logging or reporting mechanisms within the agent's secure environment, not actual external communication. If external communication is intended, ensure it is opt-in, clearly communicates what data will be sent, and allows the user to disable it. | LLM | SKILL.md:198 |
Scan History
Embed Code
[](https://skillshield.io/report/a1bfd3a958b22bf7)
Powered by SkillShield