sql-injection-methodology

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs extracting and then reporting database "flag" values (with validations) which requires the agent to output secret flag strings verbatim, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive SQL-injection playbook: it contains step-by-step payloads, scripts and tool usage to exfiltrate sensitive data (LOAD_FILE, GROUP_CONCAT, DNS/OOB), write web shells (INTO OUTFILE/DUMPFILE, hex-encoded PHP), obtain OS shells via sqlmap, create privileged accounts (sp_addlogin/sp_addsrvrolemember), and perform privilege escalation and persistence — i.e., instructions for unauthorized system compromise and backdoor installation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and interact with arbitrary external web targets (e.g., SKILL.md and AGENT.md recommend using "http_request" and show example URLs like "http://target/page.php" and the references (union-and-error.md, blind-injection.md, waf-bypass-sqlmap.md) include Python/sqlmap flows that POST/GET arbitrary target URLs and DNSLog services (ceye.io, dnslog.cn), so the agent will read untrusted public web content and use that content to drive subsequent actions.