sql-injection-testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly instructs extraction and reporting of database contents (usernames, passwords, database dumps) and includes payloads and OOB exfiltration methods that would require the LLM to output secret values verbatim as evidence, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is explicitly a how-to for exploiting SQL injection vulnerabilities — including authentication bypass techniques, instructions to extract credentials and database dumps, and multiple out-of-band data exfiltration payloads that send sensitive data to attacker-controlled servers — and therefore constitutes deliberate malicious behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires interacting with a target web application URL with injectable parameters (Inputs/Prerequisites) and instructs the agent to monitor and interpret responses in the Core Workflow (Detection/Exploitation phases), so it ingests untrusted third-party content from the target that can directly influence subsequent actions.