dflow-kalshi-market-scanner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to ask the user for a DFlow API key and to include x-api-key on every request (and generate scripts that use that key), which creates a high risk that the LLM will echo the secret verbatim into generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and streams public Kalshi/DFlow market data from the Metadata API and WS endpoints (e.g., https://pond.dflow.net/build/metadata-api, /api/v1/markets, and the prices/trades WebSocket channels) and reads market titles/prices/volume which are public, user-populated content that the agent must interpret to decide and trigger actions (scans, alerts, and handoffs to trading), so it clearly ingests untrusted third-party content that can influence behavior.