offensive-sqli

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Although there are no direct links to installers, this collection is highly suspicious because it includes an attacker-controlled domain, cloud IMDS metadata endpoints (169.254.169.254) commonly abused for credential exfiltration, and an offensive GitHub repo—together indicating likely malicious use or facilitation of malware/exfiltration rather than benign downloads.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content explicitly provides step-by-step exploitation techniques—file read/write (webshells), OS command execution (xp_cmdshell, COPY ... TO PROGRAM, DBMS_JAVA), IMDS/Kubernetes token exfiltration, WAF evasion and tamper workflows—enabling data exfiltration, credential theft, remote code execution and persistent backdoors, indicating clear malicious intent and high abuse potential.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Automation Workflow" explicitly instructs using tools that crawl and fetch public websites and archives (sublist3r, httpx, waybackurls, hakrawler) and then feed those results into scanners like sqlmap, which means the agent would ingest untrusted open-web content (arbitrary URLs/pages) that can materially influence subsequent scanning and exploit actions.