exploiting-sql-injection-with-sqlmap

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py automates the execution of the sqlmap utility using the subprocess module to perform security testing and database enumeration. It uses list-based arguments to prevent traditional shell command injection.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. In scripts/agent.py, the output of sqlmap (which contains data fetched from external, untrusted target web applications) is parsed and printed to the console without sanitization or the use of boundary markers. A malicious target database or web application could include instructions within its schema or data designed to manipulate the behavior of the AI agent reviewing the scan results.
      • Ingestion points: scripts/agent.py reads stdout from subprocess.run calls to sqlmap (which contains data from the target system).
      • Boundary markers: Absent. The output is parsed and presented as raw strings in the generated report.
      • Capability inventory: The skill has the capability to execute system commands via sqlmap and access target networks.
      • Sanitization: Absent. No filtering or escaping is applied to the data extracted from the target system before it is returned to the agent.
  • [DATA_EXFILTRATION]: The skill's primary function is to extract data from target databases (e.g., table dumps). This is the intended behavior for a penetration testing tool, but it should be used only on authorized targets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 11:54 AM