SQLMap Database Penetration Testing
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides bash templates for the sqlmap tool that incorporate user-provided inputs such as URLs (-u), request files (-r), and bulk files (-m). No sanitization or validation of these inputs is specified, which could lead to command injection if the agent executes these commands on the host system.
- [REMOTE_CODE_EXECUTION]: The skill documents the use of high-risk sqlmap flags like --os-shell and --os-cmd, which allow for arbitrary code execution on the target database server.
- [DATA_EXFILTRATION]: The skill provides detailed instructions for dumping sensitive data from databases and reading local files from the target system, such as using the --file-read="/etc/passwd" flag.
- [CREDENTIALS_UNSAFE]: Several examples and sub-skills focus on extracting administrative credentials and password hashes from the target database using flags like -C and --passwords.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: untrusted URLs and request files as seen in SKILL.md and advanced-target-options.md. Boundary markers: None present. Capability inventory: network access, file system access, and OS command execution via sqlmap. Sanitization: Absent.
Recommendations
- AI detected serious security threats