pp-kalshi

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Setup instructions trigger the download of CLI and MCP tools from the author's repositories on GitHub and NPM (@mvanhorn/printing-press, github.com/mvanhorn/*).
  • [REMOTE_CODE_EXECUTION]: The skill relies on executing third-party binaries installed from remote sources to perform its core functions.
  • [DATA_EXFILTRATION]: The kalshi-pp-cli tool contains a --deliver webhook: parameter which enables the transmission of potentially sensitive command output, including account balances and trade history, to external servers.
  • [COMMAND_EXECUTION]: The skill uses shell commands to perform installation steps and invoke the CLI for trading and data retrieval.
  • [CREDENTIALS_UNSAFE]: The tool requires high-privilege credentials, including RSA private keys (KALSHI_PRIVATE_KEY), to sign trading requests, which increases the risk of credential exposure if the environment or the tool is compromised.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from the Kalshi API, creating a surface for indirect prompt injection.
      • Ingestion points: Market data, event descriptions, and portfolio results retrieved via kalshi-pp-cli.
      • Boundary markers: None observed in instructions.
      • Capability inventory: Ability to read/write files and execute shell commands through Read and Bash tools.
      • Sanitization: No explicit validation or filtering of external API content is defined.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 15, 2026, 01:43 PM