sqlmap-database-pentesting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs using sqlmap to extract and dump sensitive data (usernames, passwords, password hashes) and even includes plaintext credentials in examples/request files, which requires the agent to handle and potentially output secret values verbatim and thus poses an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document is a high-risk, actionable guide for exploiting SQL injection that explicitly instructs data exfiltration (dumping databases and credentials), credential harvesting/cracking, obtaining remote OS shells and file upload (persistence), and evasion/anonymity techniques — all clear patterns for deliberate abuse when used without explicit authorized scope.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly guides active exploitation (os-shell, --os-cmd, --file-read, --file-write/uploading web shells, tamper scripts, etc.), instructing the agent to read/modify system files and execute commands on targets, which directly promotes compromising machine state.