sql-injection-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to handle untrusted data from external sources (URLs, POST data, headers) while providing the agent with command execution capabilities.
  - Ingestion points: Processes external parameters and URLs via tools like sqlmap.
  - Boundary markers: None present; the skill lacks instructions to ignore embedded commands in target data.
  - Capability inventory: Provides explicit bash commands for sqlmap and manual testing scripts.
  - Sanitization: No input validation or sanitization is provided for the external data being processed. This surface allows an attacker-controlled website to potentially influence the agent's command parameters.
- [Command Execution] (MEDIUM): The skill contains multiple ready-to-use shell commands for sqlmap. If the agent environment permits shell access, it could be coerced into attacking arbitrary infrastructure.
Recommendations
- AI detected serious security threats