kalshi-weather-trader

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask users for a Simmer API key and a Solana private key (and even shows export/authorization examples), which encourages the agent to receive and potentially echo or embed sensitive secrets verbatim, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and parses external market text from Kalshi (via Simmer's importable markets and /api/sdk/markets in discover_and_import_weather_markets and fetch_weather_markets) and uses those untrusted market question/outcome strings (plus NOAA forecast data from api.weather.gov) to determine trading actions, so third-party content directly influences automated trades.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading bot for Kalshi markets: it describes buying and selling (“Entry: ... → BUY”, “Exit: ... sells”), running live execution commands (python weather_trader.py --live), and uses the Simmer SDK/DFlow on Solana to execute trades. It requires a Solana private key (SOLANA_PRIVATE_KEY) to sign transactions client-side, asks for a SIMMER_API_KEY, references portfolio/positions API endpoints, and documents KYC required for buys. These are specific payment/market-order capabilities (signing and sending blockchain transactions and placing market orders), not generic tooling—therefore it grants direct financial execution authority.