offensive-sqli
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and specific payloads for executing OS-level commands through database administrative features, such as MSSQL's
xp_cmdshell, PostgreSQL'sCOPY FROM PROGRAM, and Oracle'sDBMS_JAVA.RUNJAVA. - [DATA_EXFILTRATION]: Instructions include techniques for exfiltrating highly sensitive environment data, such as Kubernetes service account tokens and AWS IAM credentials, including specific commands that send this data to an external attacker-controlled domain via
curl. - [EXTERNAL_DOWNLOADS]: The automation workflow relies on a large suite of external third-party security tools (e.g.,
sqlmap,ghauri,sublist3r,arjun) that would need to be installed and executed in the user's environment.
Recommendations
- AI detected serious security threats
Audit Metadata