sqlmap-database-pentesting
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous shell command templates for executing the SQLMap utility. These templates include highly dangerous flags such as
--os-shellfor obtaining interactive shells,--os-cmdfor executing arbitrary commands, and--file-writefor uploading files to target servers. - [DATA_EXFILTRATION]: The skill contains specific instructions and command patterns for extracting sensitive data from databases. This includes dumping entire database tables (
--dump,--dump-all) and extracting password hashes for offline cracking (--passwords). - [DATA_EXFILTRATION]: The skill facilitates the unauthorized reading of sensitive local system files from a target server. Evidence: A command template specifically targets
/etc/passwdusing the--file-readflag. - [COMMAND_EXECUTION]: The workflow includes techniques specifically designed to bypass security infrastructure like Web Application Firewalls (WAFs) and Intrusion Prevention Systems (IPS). Evidence: The use of
--tamperscripts (e.g.,space2comment),--random-agent, and--delayto evade detection filters.
Recommendations
- AI detected serious security threats
Audit Metadata