Detection Library
medium · experimental · Linux · AI/ML · T1005

LLM Service Launching SQL Client From Generated Workflow

Detects LLM service processes spawning SQL clients (psql, mysql, sqlite3). SQL clients launched from model output suggest the service is executing model-generated queries without proper sanitisation, risking SQL injection via LLM output.

Updated Jan 15, 2025 · Detection Engineering Team

llm · improper-output · linux · sql · owasp-llm05

Problem Statement

Passing model-generated text to SQL CLI clients creates an injection path where malicious prompt content becomes a SQL query, potentially enabling data theft, modification, or destruction.

Sample Logs

{"timestamp":"2025-01-15T14:55:17Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/psql","command_line":"psql -U admin -d production -c \"DROP TABLE users;\"","parent_image":"/opt/llm/app/query_runner.py"}

Required Fields

image
command_line
parent_image
user
computer_name

False Positives

  • LLM-based text-to-SQL tools that intentionally execute generated queries via CLI

Tuning Guidance

LLM services should use parameterised queries via a database driver, not CLI clients. Any CLI-based SQL execution from an LLM process warrants investigation.
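The rule's matching logic, written out as an added example (not the Detection Library's own rule code) and run over JSON process-creation events that carry the required fields. The `/opt/llm/` parent prefix is an assumption taken from the sample log, and the `text2sql.py` allowlist entry is a hypothetical stand-in for the sanctioned text-to-SQL tools listed under False Positives.

```python
import json
import posixpath

SQL_CLIENTS = {"psql", "mysql", "sqlite3"}  # clients named in the rule description
REQUIRED = ("image", "command_line", "parent_image", "user", "computer_name")
# Assumption: LLM services are installed under /opt/llm/ (as in the page's sample log).
LLM_PARENT_PREFIXES = ("/opt/llm/",)
# Assumption: hypothetical allowlist entry for a sanctioned text-to-SQL tool.
ALLOWED_PARENTS = {"/opt/llm/tools/text2sql.py"}

def evaluate(event):
    """Classify one process-creation event: alert, allowlisted, no_match or incomplete."""
    if any(not event.get(field) for field in REQUIRED):
        return "incomplete"  # a missing field is a visibility gap, not a clean result
    child = posixpath.basename(event["image"])
    parent = posixpath.normpath(event["parent_image"])  # collapse ../ and // first
    if child not in SQL_CLIENTS or not parent.startswith(LLM_PARENT_PREFIXES):
        return "no_match"
    return "allowlisted" if parent in ALLOWED_PARENTS else "alert"

def scan(lines):
    """Parse JSON lines; return (host, parent, client, verdict) for each non-clean event."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            findings.append((None, None, None, "unparseable"))
            continue
        verdict = evaluate(event)
        if verdict != "no_match":
            findings.append((event.get("computer_name"), event.get("parent_image"),
                             posixpath.basename(event.get("image") or ""), verdict))
    return findings

# First line is the page's sample log; the remaining lines are constructed test data.
SAMPLE_EVENTS = [
    r'{"timestamp":"2025-01-15T14:55:17Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/psql","command_line":"psql -U admin -d production -c \"DROP TABLE users;\"","parent_image":"/opt/llm/app/query_runner.py"}',
    r'{"computer_name":"llm-host-03","user":"llm_svc","image":"/usr/bin/sqlite3","command_line":"sqlite3 /data/demo.db","parent_image":"/opt/llm/tools/text2sql.py"}',
    r'{"computer_name":"db-admin-01","user":"dba","image":"/usr/bin/mysql","command_line":"mysql -u dba","parent_image":"/usr/bin/bash"}',
    r'{"computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/psql","command_line":"psql -l"}',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Events reported as `incomplete` or `unparseable` are surfaced rather than dropped, because a log source that omits `parent_image` cannot be evaluated by this rule at all.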