kalshi-markets
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (LOW): The SKILL.md file contains a directive: "IMPORTANT: Don't read scripts unless absolutely needed". This instruction discourages the agent from inspecting the skill's underlying executable code, which is a pattern that can be used to obscure malicious logic or bypass agent oversight.
- Data Exposure & Exfiltration (LOW): The scripts perform network requests to api.elections.kalshi.com. This domain is not on the trusted whitelist. While appropriate for the skill's purpose, it represents an external data flow to a non-whitelisted destination.
- Unverifiable Dependencies & Remote Code Execution (LOW): The scripts use uv inline metadata to install unversioned dependencies (httpx, click) from the public PyPI registry at runtime. This introduces a minor risk of dependency confusion or supply chain compromise.
- Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect prompt injection. Untrusted data (market titles, rules, descriptions) is ingested from the Kalshi API and displayed to the agent via click.echo without sanitization or boundary markers to delimit external content from instructions.
Audit Metadata