kalshi-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to fetch and interpret live, public Kalshi API data (e.g., GET /events, /markets, orderbooks, and WebSocket channels at https://external-api.kalshi.com/trade-api/v2) and to use that data to drive actions such as placing or amending orders, so untrusted third-party market/event content could indirectly inject instructions that affect tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading API for Kalshi and includes authenticated endpoints to create, amend, batch, cancel, and manage orders (e.g., POST /portfolio/orders, /portfolio/events/orders, batched order endpoints), portfolio balance, withdrawals, deposits, subaccount transfers, RFQs/quotes and other write operations that execute trades or move funds. The prompt even warns "POST /portfolio/orders submits real orders on production" and details RSA auth for signing transactional requests. This is specifically designed to execute market orders and manage financial positions, so it grants direct financial execution authority.