kalshi-markets
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill uses the 'Bash' tool to run local Python scripts (e.g., 'market.py', 'trades.py'), which grants it execution privileges that could be exploited if inputs are not properly handled.
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external content from the Kalshi API, such as event descriptions and market metadata. This content is ingested into the agent's context and could contain malicious instructions. Mandatory Evidence Chain: 1. Ingestion points: Kalshi API data processed via Python scripts. 2. Boundary markers: No markers or 'ignore' instructions are present in the manifest. 3. Capability inventory: Full Bash tool access and local script execution. 4. Sanitization: Not verifiable as the source code for the scripts is not provided.
- [NO_CODE] (INFO): The skill manifest references multiple Python script files that are missing from the package, preventing a thorough security review of the actual implementation logic.
Recommendations
- AI detected serious security threats
Audit Metadata