kalshi-trading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime script (scripts/kalshi_openapi_reader.mjs) directly fetches data from the public Kalshi OpenAPI (default BASE_URL "https://api.elections.kalshi.com/trade-api/v2") and reads markets/events/trades/orderbook content—which is third-party data the agent interprets and uses to guide scanning/ranking decisions—so untrusted external content can influence behavior.