sqlmap
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE COMMAND_EXECUTION DATA_EXFILTRATION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous instructions for executing the `sqlmap` command-line tool. This includes high-risk operations such as requesting an interactive OS shell (`--os-shell`) or a SQL shell (`--sql-shell`) on a target database server.
- [DATA_EXFILTRATION]: Documents the process of extracting database content through flags like `--dump`, `--dump-all`, and `--dbs`. It specifically highlights how to target sensitive information such as `password_hash` from user tables.
- [DATA_EXFILTRATION]: Includes instructions for reading arbitrary files from the target server's filesystem using the `--file-read` flag, using `/etc/passwd` as a primary example.
- [EXTERNAL_DOWNLOADS]: The documented tool inherently performs network requests to external URLs and APIs provided by the user to perform security testing and data extraction.
- [SAFE]: The skill includes a clear 'Guidelines' section emphasizing the necessity of written authorization and legal compliance before performing any penetration testing activities.
Audit Metadata