kalshi-trading
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill depends on the 'kalshi-cli' binary, requiring users to install it from an external GitHub repository (6missedcalls/kalshi-cli) via Homebrew or Go installation commands.
- [COMMAND_EXECUTION]: The agent is instructed to use the 'kalshi-cli' tool for all market interactions and trading operations, which involves executing the binary as a subprocess with various user-defined and data-driven arguments.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive API keys and private RSA keys. The instructions include methods for providing these credentials via environment variables or command-line flags, which can expose them in shell history, process logs, or environment dumps.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of unvalidated data from an external exchange.
- Ingestion points: Market descriptions, ticker data, and exchange announcements retrieved via 'kalshi-cli exchange announcements' and other research commands.
- Boundary markers: No delimiters or specific instructions are provided to help the agent distinguish between data and potential instructions embedded within the exchange's output.
- Capability inventory: The skill has the ability to place, amend, and cancel financial orders, and manage portfolio subaccounts.
- Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent.
Audit Metadata