sqlmap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets verbatim in command-line arguments (e.g., --cookie="session=abc123", --headers="Authorization: Bearer eyJ...") and instructs dumping/extracting credentials, which requires the agent to output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content gives explicit, actionable instructions to exploit SQL injection for data exfiltration (dumping databases, credentials), file reads, and obtaining OS shells/remote command execution, which are strong indicators of deliberate malicious/abusive capability.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs running sqlmap against arbitrary URLs (e.g., sqlmap -u "https://target.example.com/" with --crawl and --forms) and to use captured request files (-r captured-request.txt), which requires fetching and parsing untrusted public web content that the tool uses to drive further actions.