pp-kalshi
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Setup instructions trigger the download of CLI and MCP tools from the author's repositories on GitHub and NPM (@mvanhorn/printing-press, github.com/mvanhorn/*).
- [REMOTE_CODE_EXECUTION]: The skill relies on executing third-party binaries installed from remote sources to perform its core functions.
- [DATA_EXFILTRATION]: The kalshi-pp-cli tool contains a --deliver webhook: parameter which enables the transmission of potentially sensitive command output, including account balances and trade history, to external servers.
- [COMMAND_EXECUTION]: The skill uses shell commands to perform installation steps and invoke the CLI for trading and data retrieval.
- [CREDENTIALS_UNSAFE]: The tool requires high-privilege credentials, including RSA private keys (KALSHI_PRIVATE_KEY), to sign trading requests, which increases the risk of credential exposure if the environment or the tool is compromised.
- [PROMPT_INJECTION]: The skill processes untrusted external data from the Kalshi API, creating a surface for indirect prompt injection.
- Ingestion points: Market data, event descriptions, and portfolio results retrieved via kalshi-pp-cli.
- Boundary markers: None observed in instructions.
- Capability inventory: Ability to read/write files and execute shell commands through Read and Bash tools.
- Sanitization: No explicit validation or filtering of external API content is defined.
Audit Metadata