kalshi
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION] (HIGH): The README instructions guide users to clone a project from an untrusted GitLab repository (https://gitlab.com/outsharp/shipp/alph-bot.git) and execute it using `yarn migrate` and `./index.ts`. This bypasses typical package manager security checks and executes code from an unverified third-party author.
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill requires the use of RSA-PSS private keys (`kalshi-private.pem`). While required for the Kalshi API, the documentation's instructions for local storage and path referencing increase the risk of accidental credential exposure or exfiltration if the agent is compromised.
- [COMMAND_EXECUTION] (LOW): The 'Getting Started' section provides several terminal commands for the user/agent to run, including cloning repos and running scripts, which can be dangerous if the target source is malicious.
- [INDIRECT PROMPT INJECTION] (LOW): The skill describes an automated trading bot ('Alph Bot') that ingests external, attacker-influenced data (market descriptions and orderbook data) to make financial decisions.
  - Ingestion points: Market discovery fetches event contracts from Kalshi; real-time sports data from Shipp.
  - Boundary markers: None mentioned in the README.
  - Capability inventory: Order execution (placing/canceling orders), portfolio management.
  - Sanitization: Not documented; the bot relies on AI (Claude) to estimate probabilities based on external data.
Recommendations
- AI detected serious security threats
Audit Metadata