exploiting-sql-injection-vulnerabilities

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes examples and workflows that embed session cookies and other credentials in command-line arguments (e.g., sqlmap --cookie="session=abc123") and instructs capturing and reporting extracted secrets/PII (usernames, passwords) verbatim in PoC output, so it requires handling secrets directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is high-risk: it deliberately documents actionable SQL injection exploitation techniques, reusable payloads, an automated CLI/agent, and tooling that enable data exfiltration, credential theft, authentication bypass, forced account creation, and potential remote code execution if used against targets without authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill actively fetches and parses responses from arbitrary target URLs provided to the agent (see SKILL.md "Workflow" and scripts/agent.py functions like _send, detect_error_based, detect_boolean_based, and fingerprint_database), treating that untrusted web content as authoritative input to decide which tests and follow-up actions to run—so third-party responses can materially influence behavior.