🤖 AI Summary
A recent discovery on the Polymarket platform revealed vulnerabilities stemming from potential annotation injections on its event page. The "Market context" tab, which contains a timeline of annotations, is rendered server-side, so its hidden content is present in the HTML that large language models (LLMs) retrieve during web searches. This creates a prompt-injection risk: an LLM may inadvertently use this hidden data, which raises concerns about content security and data integrity within the platform.
The origins of these annotations remain unclear, but they appear to be stored on Polymarket's end, hinting at either unintentional exposure of internal testing data or probing for weaknesses. Notably, the API endpoints involved in this issue, such as /api/cron/annotations and /api/annotations/generate, exhibit suspicious properties, including a lack of authentication requirements. This could allow malicious actors to manipulate the annotation data. LLMs such as Claude.ai have flagged these injections as potential phishing attempts, and the incident underscores the importance of robust security measures and of monitoring data inputs that could undermine trust in AI-generated outputs.
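A defender-side check for the condition described above, as an added example that is not code from Polymarket or from the original write-up: it splits server-rendered HTML into text a browser displays and text that only a scraper or LLM fetcher receives. The sample markup and the way the tab is hidden (a `hidden` attribute) are assumptions; only inline hiding is detected, not stylesheet rules.

```python
from html.parser import HTMLParser

# Elements that never get an end tag, so they must not touch the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class HiddenTextSplitter(HTMLParser):
    """Separate text a browser shows from text only an HTML fetcher sees."""
    def __init__(self):
        super().__init__()
        self.stack = []                      # per open element: hidden?
        self.visible, self.hidden = [], []

    @staticmethod
    def _hides(attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        return ("hidden" in a or a.get("aria-hidden") == "true"
                or "display:none" in style or "visibility:hidden" in style)

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        inherited = bool(self.stack and self.stack[-1])
        self.stack.append(inherited or self._hides(attrs))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            in_hidden = bool(self.stack and self.stack[-1])
            (self.hidden if in_hidden else self.visible).append(text)

def split_text(html):
    """Return (visible_texts, hidden_texts) for well-formed markup."""
    parser = HiddenTextSplitter()
    parser.feed(html)
    parser.close()
    return parser.visible, parser.hidden

# Constructed sample: a server-rendered page with an inactive tab panel.
SAMPLE = (
    '<main><h1>Event title</h1><p>Odds: 42%</p>'
    '<div role="tabpanel" hidden><ul>'
    '<li>Constructed annotation: text addressed to an AI assistant.</li>'
    '</ul></div></main>'
)
```

Running `split_text` on pages before they reach an LLM lets a pipeline drop or quarantine the hidden portion, or alert when hidden text appears on a page that previously had none.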