kalshi
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by processing untrusted data from the external Kalshi API without sanitization or explicit instruction to ignore embedded commands. 1. Ingestion points: Data retrieved from 'api.elections.kalshi.com' (such as market titles and event subtitles) via commands like 'search_markets' and 'get_events' defined in 'SKILL.md'. 2. Boundary markers: No delimiters or isolation techniques are used to separate API-provided content from system instructions. 3. Capability inventory: Commands primarily perform read-only network requests and data presentation, with local parameter validation performed by 'scripts/validate_params.sh'. 4. Sanitization: No escaping or validation of external strings is performed before they are presented to the agent.
Audit Metadata