SQLMap Database Penetration Testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions for discovering and exploiting SQL injection vulnerabilities — including automated data exfiltration (dumping credentials/hashes), credential harvesting, OS command execution and file upload (webshells), bulk/Google-dork scanning, and anonymization techniques — making it highly likely to be abused for malicious activity despite brief legal caveats.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs running sqlmap against arbitrary public URLs and search results (e.g., -u "http://target.com/page.php?id=1", -m bulkfile.txt, -g Google dorks) and to consume HTTP request/log files (-r, -l), so the agent will fetch and parse untrusted, user-generated web content as part of the workflow, enabling indirect prompt-injection risks.