sql-injection-testing
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill provides specific SQL payloads designed to exfiltrate database information to external domains such as attacker-server.com and attacker.com using DNS exfiltration (via 'xp_dirtree' and 'LOAD_FILE') and HTTP requests (via 'UTL_HTTP.REQUEST').
- [PROMPT_INJECTION]: The skill instructions direct the agent to 'perform SQLi attacks' and 'bypass authentication', which are offensive operations that could be used to override or ignore safety guidelines regarding harmful activities.
- [COMMAND_EXECUTION]: It details the use of high-risk SQL functions and procedures that can interact with the host system's file system or network, which may facilitate system-level compromise beyond the database layer.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to process untrusted data from external targets.
  - Ingestion points: Web application input fields including URL parameters, form fields, cookies, and HTTP headers as described in Phase 1 of 'SKILL.md'.
  - Boundary markers: No delimiters or instructions to ignore embedded commands in external data are present.
  - Capability inventory: The skill utilizes sophisticated SQL exploitation strings and relies on automated tools like SQLMap.
  - Sanitization: No input validation, escaping, or sanitization logic is specified for the processed external content.
Recommendations
- AI detected serious security threats
Audit Metadata