exploiting-sql-injection-with-sqlmap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly demonstrates embedding plaintext credentials and session cookies in command-line sqlmap invocations and instructs dumping sensitive database contents (including password hashes), which requires the LLM/user to handle and potentially output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content provides explicit, actionable instructions and automation for exploiting SQL injection to exfiltrate sensitive data, execute OS commands, crack credentials, and bypass WAFs—capabilities that enable clear malicious abuse and backdoor-style compromise if used without authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs sqlmap against arbitrary target URLs provided in SKILL.md and scripts/agent.py (e.g., run_detection_scan and enumerate_databases call sqlmap with a user-supplied --url or -r request file), meaning it ingests and parses untrusted public web content and sqlmap output which can materially drive subsequent tool actions like enumeration and data dumps.