exploiting-sql-injection-with-sqlmap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials and session cookies directly into command-line sqlmap/curl invocations and instructs dumping/exposing password data, which requires the LLM to handle or output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content explicitly documents and automates SQL injection exploitation (including dumping databases, cracking password hashes, reading server files, executing OS commands, and WAF bypass techniques), which are clear instructions for data exfiltration, credential theft, and remote system compromise if used without explicit authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's agent runs sqlmap against arbitrary public target URLs (see SKILL.md examples like "https://target.example.com/products?id=1" and scripts/agent.py --url argument), ingests and parses sqlmap/stdout derived from those HTTP responses, and uses that parsed output to decide follow-up actions (e.g., enumerate/dump), which clearly exposes it to untrusted third‑party content from open websites that can influence behavior.