skills/mukul975/anthropic-cybersecurity-skills/exploiting-sql-injection-with-sqlmap/Gen Agent Trust Hub
exploiting-sql-injection-with-sqlmap
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides detailed instructions and a Python wrapper script (scripts/agent.py) for using the sqlmap exploitation framework, which includes the use of flags such as --os-cmd to execute arbitrary operating system commands on target database servers.
- [COMMAND_EXECUTION]: The skill contains commands and logic to read sensitive local files from a target server's filesystem, specifically referencing /etc/passwd via the sqlmap --file-read capability.
- [DATA_EXFILTRATION]: The core functionality of the skill is designed to automate the extraction of sensitive information from databases, including user tables, password hashes, and configuration data.
- [EXTERNAL_DOWNLOADS]: The skill relies on and instructs the user to install the sqlmap package from external sources like PyPI or system-level package managers, which executes third-party code on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata