sqlmap-advanced

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands that embed cookies and passwords directly in CLI arguments (e.g., --cookie 'session=abc123', --data 'password=test'), which requires the agent to handle and potentially output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill content is explicitly offensive: it provides actionable commands and techniques to exploit SQL injection for data exfiltration, reading sensitive files, obtaining OS shells, uploading webshells, bypassing WAFs, and conducting second‑order/internal network pivoting—clearly facilitating unauthorized compromise and backdoor installation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs running sqlmap against arbitrary external URLs (e.g., SKILL.md Phase 1 GET/POST examples and references/advanced-usage.md use of --second-url/--file-read and proxy options), meaning the agent/tool will fetch and interpret untrusted public web content which can materially influence subsequent probing and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs active exploitation commands (e.g., --file-write to /var/www/html/, --os-shell, --file-read=/flag.txt) that write files and obtain shells on the target and could modify the agent host's filesystem/state if run locally, so it pushes compromising system state.