Skills
skills/starchild-ai-agent/official-skills/kalshi-api/Gen Agent Trust Hub

kalshi-api

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests external market data and event descriptions from the Kalshi API, creating an indirect prompt injection surface.
  • Ingestion points: Data fetched from https://external-api.kalshi.com and https://api.elections.kalshi.com via the WebFetch tool.
  • Boundary markers: Absent; the instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded in the API responses.
  • Capability inventory: The skill environment permits the use of Bash and Write, which could be abused if an injection attack were successful.
  • Sanitization: The skill does not specify any validation or sanitization procedures for the data retrieved from the API.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 04:12 PM