sqli-sql-injection

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The playbook contains extensive documentation on executing OS commands through SQL injection. Examples include MSSQL's xp_cmdshell, Oracle's DBMS_SCHEDULER, and MySQL's system() via UDF. These are explicitly described as escalation paths from database access to system control.
  • [DATA_EXFILTRATION]: Provides comprehensive methods for extracting sensitive database information. This includes UNION-based extraction and out-of-band exfiltration via DNS (e.g., UTL_INADDR), SMB (e.g., LOAD_FILE with UNC paths), and HTTP (e.g., UTL_HTTP). Payloads use attacker.com as a placeholder for the exfiltration listener.
  • [REMOTE_CODE_EXECUTION]: Describes multiple vectors for remote code execution, such as using SQLite to write webshells to the web root or persistent reverse shells to crontabs. It also details the use of SQLMap's --os-shell and --os-pwn functionality for automated exploitation.
  • [SAFE]: While the skill contains many patterns associated with malicious activity (e.g., reverse shell strings, credential harvesting scripts), these are appropriately contextualized as educational examples within an offensive security playbook. No malicious instructions, hidden backdoors, or unauthorized data access attempts were found in the skill's own logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 12:02 PM