sqlmap-advanced

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill is essentially a collection of shell command templates for the sqlmap utility, promoting complex command-line interactions and local logging to /tmp/sqlmap_output.log.
  • [DATA_EXFILTRATION]: Explicitly includes instructions for the --file-read flag, with examples targeting sensitive files like /etc/passwd and /flag.txt on remote servers.
  • [REMOTE_CODE_EXECUTION]: Provides detailed documentation and examples for high-risk flags including --os-shell (obtaining interactive remote shells) and --file-write (uploading web shells for persistent execution on targets).
  • [PROMPT_INJECTION]: Instructs the agent to always use the --batch flag, which suppresses interactive safety prompts from the underlying tool, thereby reducing the opportunity for user oversight during execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 22, 2026, 10:08 AM