dflow-kalshi-market-scanner
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates exclusively with DFlow's official Metadata API endpoints and does not perform any sensitive data exfiltration or unauthorized file access.
- [SAFE]: Credential management follows security best practices; the skill instructs the agent to prompt the user for an API key rather than relying on insecure defaults or hardcoded values.
- [SAFE]: Script generation is limited to fetching public market data and providing a bridge to the official dflow CLI, which is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection via market metadata. Ingestion points: Market titles and subtitles from pond.dflow.net. Boundary markers: Absent. Capability inventory: Script generation with dflow CLI shell-outs. Sanitization: Absent. Note: This surface is necessary for the skill's primary purpose and is considered safe in this context.
Audit Metadata