SQL Injection Testing
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill's description and trigger phrases are specifically designed to facilitate restricted and potentially malicious activities, such as bypassing authentication and performing SQL injection attacks.
- [DATA_EXFILTRATION]: The skill includes numerous techniques and specific SQL payloads for extracting sensitive database information, including user credentials, table structures, and database schemas through in-band, blind, and out-of-band methods.
- [COMMAND_EXECUTION]: Exploitation instructions involve the execution of specialized database procedures like xp_dirtree (MSSQL) and UTL_HTTP.REQUEST (Oracle) to interact with the underlying operating system and external network resources.
- [CREDENTIALS_UNSAFE]: A core component of the skill is dedicated to bypassing login forms and credential validation mechanisms using crafted SQL injection strings, directly targeting the compromise of authentication systems.
Recommendations
- AI detected serious security threats
Audit Metadata