database-lateral-pivot
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a specific command payload for a reverse shell using 'bash -i' directed to an attacker-controlled IP through PostgreSQL's 'COPY TO PROGRAM' feature.
- [COMMAND_EXECUTION]: Instructs the use of 'xp_cmdshell' in MSSQL to execute arbitrary operating system commands on the target host.
- [REMOTE_CODE_EXECUTION]: Details methods for transitioning from database access to full system execution using PostgreSQL dblink, MSSQL Linked Servers, and native stored procedures.
- [DATA_EXFILTRATION]: Provides automated SQL queries to discover and extract sensitive information such as connection strings, passwords, and secrets from database configuration tables.
- [DATA_EXFILTRATION]: Describes a methodology for performing internal network port scanning and SSRF via database connection timeout analysis (e.g., using dblink_connect).
- [PROMPT_INJECTION]: The skill ingests untrusted data from database tables and configuration files (e.g., searching connection strings and secrets in SKILL.md and references/dblink-lateral.md). No boundary markers or delimiters are provided to isolate this data from the prompt context. The skill possesses extensive capabilities including system command execution (xp_cmdshell, COPY TO PROGRAM) and network connectivity (dblink_connect). No sanitization or validation of external content is performed before processing.
Recommendations
- AI detected serious security threats
Audit Metadata