Skills
skills/mvanhorn/printing-press-library/pp-kalshi/Gen Agent Trust Hub

pp-kalshi

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the kalshi-pp-cli and kalshi-pp-mcp tools from vendor-managed sources on GitHub and NPM. Evidence includes npx -y @mvanhorn/printing-press install kalshi --cli-only and go install github.com/mvanhorn/printing-press-library/library/payments/kalshi/cmd/kalshi-pp-cli@latest.
  • [COMMAND_EXECUTION]: Execution of the kalshi-pp-cli tool is central to the skill's functionality, using the Read Bash tool to run commands like kalshi-pp-cli portfolio attribution.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> flag that can be instructed to POST command outputs to any URL, providing a mechanism for data exfiltration of sensitive trading or account info.
  • [PROMPT_INJECTION]: The skill maintains an indirect prompt injection surface by processing external data from Kalshi market events and user feedback while having access to financial tools and network sinks. Ingestion points include market data and feedback storage; capability inventory includes subprocess execution and network webhooks; boundary markers and sanitization are not defined in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 05:36 PM