SQL Injection Testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This skill explicitly covers extracting database information, authentication bypass, and evidence artifacts, which implies the agent will retrieve and present sensitive values (passwords, tokens, credentials) verbatim as part of testing and reporting, creating a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content explicitly instructs how to bypass authentication, extract credentials and database contents, and exfiltrate data to attacker-controlled endpoints (e.g., xp_dirtree, LOAD_FILE with \attacker-server, UTL_HTTP.REQUEST to attacker.com), plus evasion/obfuscation techniques—demonstrating deliberate malicious capability despite framing as testing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires a "Target web application URL with injectable parameters" (Required Access) and the Phase 1/Detection and numerous examples show sending requests (e.g., GET /product.php?id=5') and interpreting responses/errors/delays from arbitrary web targets, meaning the agent will fetch and act on untrusted third-party content that can influence subsequent actions.