sqlmap

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions to discover and exploit SQL injection vulnerabilities (including database enumeration and dumping, password/hash extraction) plus WAF/IDS evasion techniques, enabling data exfiltration and credential theft if used without authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs running sqlmap against arbitrary target URLs (e.g., sqlmap -u "http://<target>/page?id=1" --crawl=2 and wrapper scripts like dump-database.sh <target-url>), so the agent fetches and interprets untrusted public web content which directly drives further testing and actions.