kalshi
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides technical documentation and authentication examples for interacting with the Kalshi API. All identified URLs and communication patterns target legitimate Kalshi domains.
- [CREDENTIALS_UNSAFE]: The skill uses environment variables (
KALSHI_ACCESS_KEY,KALSHI_PRIVATE_KEY) to manage authentication secrets. It correctly demonstrates loading these from a.envfile, which is a standard security best practice. - [DATA_EXFILTRATION]: Sensitive credentials and signatures are only transmitted to the official service provider's endpoints for the purpose of API authentication.
- [PROMPT_INJECTION]: The skill includes a surface for indirect prompt injection by reading external API content via the WebFetch tool. However, the source (Kalshi) is a regulated financial platform, and the risk of adversarial injection via market descriptions is considered low and manageable by standard model guardrails.
Audit Metadata