trading-kalshi
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill directly fetches and subscribes to open third-party content from Kalshi (e.g., feed.searchMarkets, feed.getMarket, feed.getEvents, the WebSocket subscribeToMarket, and the balance fetch to https://api.elections.kalshi.com). It uses market titles, descriptions, prices and orderbook data (which can be user-generated/public) to drive trading decisions and automated actions (triggers/TWAP/brackets), so untrusted content can materially influence tool behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for Kalshi with commands to place and manage market orders (buy, sell, cancel), advanced execution types (TWAP, bracket, trigger), view account balance, and stream/order fills. It requires API credentials (API key ID and private key) and performs authenticated order execution. This is a specific financial execution tool (market order/trading API), not a generic interface, so it grants direct financial execution authority.