performing-second-order-sql-injection
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation in SKILL.md provides multiple command-line examples using curl and sqlmap to demonstrate the exploitation of second-order SQL injection vulnerabilities against a placeholder target (target.com). These instructions are consistent with the skill's stated purpose for web application security testing.
- [SAFE]: The provided Python script scripts/agent.py is a static analysis tool designed to scan local database dumps and source code directories. It uses regular expressions to identify common SQL injection patterns and vulnerable code sinks without executing the analyzed content or performing network operations.
- [SAFE]: (Indirect Prompt Injection Surface Evaluation)
  - Ingestion points: The script scripts/agent.py reads the contents of external JSON database dumps and source code files using Path.read_text.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are included in the processing logic.
  - Capability inventory: The script's capabilities are restricted to file system read access for analysis and write access for generating the JSON report. It lacks network access, subprocess execution, or dynamic evaluation functions.
  - Sanitization: While the script does not sanitize the input files, it treats the data exclusively as text for regex matching and does not interpret or execute any part of the ingested data.
Audit Metadata