pp-kalshi

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running remote code at runtime via commands such as "npx -y @mvanhorn/printing-press install kalshi --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/payments/kalshi/cmd/kalshi-pp-cli@latest" (and the MCP install "go install github.com/mvanhorn/printing-press-library/library/other/kalshi/cmd/kalshi-pp-mcp@latest"), which fetch and execute external code and are required for the skill to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading CLI for Kalshi with built-in write actions that move money or change account state. The Command Reference includes explicit order and funds-management endpoints such as:
• portfolio create-order / create-order-v2 / batch-create-orders (submit trades)
• portfolio amend-order / decrease-order / cancel-order / batch-cancel-orders (modify/cancel live orders)
• portfolio apply-subaccount-transfer / create-subaccount / get-subaccount-transfers (move funds between subaccounts)
• communications accept-quote / confirm-quote / create-rfq (order execution flow) These are not generic read-only or browser automation capabilities — they directly submit orders, transfers, and other account-changing operations. The Auth Setup acknowledges read-only vs read/write key tiers but also documents write-capable commands and an agent-friendly non-interactive mode (--agent, --yes, --dry-run) that enables automated execution. Therefore this skill grants Direct Financial Execution Authority.