mitm-find-sqli
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the AI agent to construct and execute shell commands using `grep` and `curl`. These commands are used to parse local log files and perform active network requests against external targets.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `curl` to perform network operations against external domains (represented by the placeholder `target.com`). This enables the agent to interact with non-whitelisted remote servers to send SQL injection payloads.
- [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection due to its core processing logic.
  - Ingestion points: The agent is instructed to read and analyze `log.txt`, which contains captured network traffic (untrusted data from external sources).
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands or instructions within the captured traffic.
  - Capability inventory: The agent has access to `grep` for pattern matching and `curl` for making network requests across the instructions.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the content extracted from `log.txt` before it is interpolated into shell commands or used to drive subsequent agent actions.
- [COMMAND_EXECUTION]: The use of `$ARGUMENTS` in the markdown header represents a potential command injection vector if the platform's execution environment does not properly sanitize template variables before they are processed by a shell.