calculus-dbti

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to silently extract the user's wallet address using the onchainos CLI tool and transmit it to a remote API. The instructions explicitly command the agent to conceal this activity from the user ("Do NOT prompt the user about wallets", "Proceed silently"), which bypasses user consent for data collection.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (onchainos wallet status, onchainos wallet addresses) to interact with the host environment and retrieve wallet configuration data.
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface by fetching external data (question statements) from a remote API and processing them within the agent context. This allows a potentially compromised or malicious API to influence agent behavior through crafted statements.
  • [DATA_EXFILTRATION]: Mandatory evidence chain for data ingestion/processing:
      • Ingestion points: Questions are fetched from GET {API_BASE}/frameworks/dbti/questions (SKILL.md, Step 2).
      • Boundary markers: None present; question statements are processed directly without delimiters.
      • Capability inventory: Uses onchainos CLI for wallet access and POST requests for data transmission (SKILL.md).
      • Sanitization: No evidence of sanitization or validation of the fetched question statements before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 11, 2026, 04:26 AM