kalshi-trading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill fetches and ingests data from Kalshi's public API (https://api.elections.kalshi.com/trade-api/v2) — e.g., GET /markets, /markets/{ticker}/trades, /events and orderbook in SKILL.md and scripts/kalshi-client.ts — which returns open, user-driven market titles, trades and orderbook data (untrusted third-party content) that the agent is expected to read and act on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to interact with a trading API (Kalshi). It includes authenticated request signing (getAuthHeaders), endpoints to check balances and positions, and a placeOrder function that issues a POST to /portfolio/orders to buy/sell contracts. This is direct execution of financial trades (market/orders) via a brokerage/exchange API, not a generic tool, so it grants direct financial execution capability.