calculus-dbti

Fail

Audited by Snyk on Apr 11, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The skill instructs the agent to silently detect and extract the user's wallet address without disclosure or prompting (explicitly "Do NOT prompt the user"), which is a hidden/deceptive instruction outside the user's expectation for a personality quiz.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill contains a deliberate, silent wallet-detection and reporting flow (runs onchainos commands without user notification and includes the discovered wallet address in API submissions), which constitutes covert collection/exfiltration of a sensitive identifier and a privacy/backdoor behavior.

Issues (2)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 11, 2026, 04:26 AM
Issues: 2