detecting-sql-injection-vulnerabilities

This skill enables Claude to detect SQL injection vulnerabilities in code. It uses the sql-injection-detector plugin to analyze codebases, identify potential SQL injection flaws, and provide remediation guidance. Use this skill when the user asks to find SQL injection vulnerabilities, scan for SQL injection, or check code for SQL injection risks. The skill is triggered by phrases like "detect SQL injection", "scan for SQLi", or "check for SQL injection vulnerabilities".

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill detecting-sql-injection-vulnerabilities

What are skills?

1.13x

Quality

60%

Does it follow best practices?

Impact

92%

1.13x

Average score across 9 eval scenarios

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/sql-injection-detector/skills/sql-injection-detector/SKILL.md

SKILL.md

Review

Evals

Evaluation results

90%

SQL Injection Security Assessment: Legacy Inventory System

Vulnerability report format and severity categorization

Criteria

Without context

With context

Severity classification

100%

Multiple severity levels

100%

Code location specificity

100%

Input validation recommendation

100%

Parameterized queries recommendation

100%

Least privilege recommendation

100%

Plugin or tool referenced

Remediation per finding

100%

Authentication function flagged

100%

Order-by injection flagged

100%

Without context: $0.2750 · 2m 27s · 8 turns · 9 in / 5,955 out tokens

With context: $0.5031 · 3m 42s · 24 turns · 255 in / 8,105 out tokens

79%

22%

DevSecOps Runbook: SQL Injection Scanning Procedure

SQL injection detection plugin and 4-step workflow

Criteria

Without context

With context

Plugin named

100%

Initiate scan step

100%

Code analysis step

90%

100%

Vulnerability identification step

80%

100%

Report generation step

100%

Severity categorization in workflow

100%

Static analysis integration

Dynamic testing integration

30%

Vulnerability management integration

90%

80%

Trigger conditions documented

40%

60%

Without context: $0.2555 · 2m 46s · 11 turns · 12 in / 4,960 out tokens

With context: $0.3420 · 2m 34s · 20 turns · 285 in / 5,294 out tokens

90%

Secure Code Review: Customer Portal Backend

Remediation recommendations completeness

Criteria

Without context

With context

Severity per finding

100%

Function-level locations

100%

Input validation in review

100%

Parameterized queries in review

100%

Least privilege in review

100%

Prepared statements in patched PHP

100%

Prepared statements in patched reports

100%

Order-by injection mitigated

100%

Auth bypass finding

100%

Plugin or scan tool referenced

Without context: $0.4639 · 5m 3s · 19 turns · 20 in / 8,283 out tokens

With context: $0.6675 · 5m 42s · 31 turns · 123 in / 9,361 out tokens

100%

Security Review: Database Layer Pull Request

Code change review for SQL injection risks

Criteria

Without context

With context

Plugin referenced

100%

Severity per finding

100%

loginUser flagged

100%

updateUserProfile flagged

100%

ORDER BY injection flagged

100%

Parameterized queries in review

100%

Input validation in review

100%

Least privilege in review

100%

Parameterized queries in patched auth

100%

Parameterized queries in patched search

100%

ORDER BY allowlist in patched search

100%

Without context: $0.4438 · 4m 16s · 19 turns · 20 in / 7,869 out tokens

With context: $0.5914 · 5m 28s · 29 turns · 27 in / 8,423 out tokens

88%

Developer Security Onboarding: SQL Injection Prevention Guide

SQL injection prevention education and developer guidance

Criteria

Without context

With context

Plugin as detection tool

Input validation practice

100%

Parameterized queries practice

100%

Least privilege practice

100%

Python parameterized examples

100%

JS parameterized examples

100%

Vulnerable Python patterns

100%

Severity / risk explanation

100%

Detection guidance

100%

No credential leak in examples

100%

Without context: $0.8073 · 6m 38s · 29 turns · 30 in / 14,712 out tokens

With context: $0.8649 · 7m 28s · 37 turns · 644 in / 14,243 out tokens

90%

SQL Injection Security Architecture for a Healthcare API

Security pipeline integration and tooling strategy

Criteria

Without context

With context

Plugin named in architecture

Static analysis integration

100%

Dynamic testing integration

100%

Vulnerability management integration

100%

Severity categorization in scan report

100%

Function-level location specificity

100%

get_patient_records flagged

100%

ORDER BY injection flagged

100%

Parameterized queries recommended

100%

Input validation recommended

100%

Least privilege recommended

100%

4-step workflow reflected

100%

Without context: $0.4487 · 5m 10s · 18 turns · 19 in / 8,561 out tokens

With context: $0.5662 · 5m 30s · 23 turns · 23 in / 9,678 out tokens

100%

Inventory Management System Security Audit

Java Spring Boot SQL injection detection and ORM native query risks

Criteria

Without context

With context

Plugin referenced

100%

Severity per finding

100%

searchItems flagged

100%

findBySku native query flagged

100%

ORDER BY injection flagged

100%

JPQL injection flagged

100%

Parameterized queries in InventoryRepository

100%

Parameterized queries in ReportQueries

100%

ORDER BY allowlist fix

100%

JPQL named parameters fix

100%

Parameterized queries recommended

100%

Input validation recommended

100%

Without context: $0.4987 · 4m 35s · 22 turns · 23 in / 8,451 out tokens

With context: $0.7016 · 5m 34s · 30 turns · 61 in / 10,583 out tokens

100%

28%

Security Onboarding Package for New Engineering Team

Pre-deployment security workflow and multi-tool integration documentation

Criteria

Without context

With context

Plugin named in process guide

100%

4 distinct workflow phases

100%

Static analysis integration

100%

Dynamic testing integration

100%

Vulnerability management integration

100%

Severity categorization documented

100%

Parameterized queries in secure examples

66%

100%

Distinct vulnerable patterns

100%

Input validation in checklist

100%

Parameterized queries in checklist

100%

Least privilege in checklist

100%

Plugin scan step in checklist

100%

Without context: $0.4858 · 3m 56s · 21 turns · 22 in / 8,965 out tokens

With context: $0.7009 · 4m 22s · 33 turns · 31 in / 10,896 out tokens

97%

SaaS Customer Data API Security Assessment

Go application SQL injection scan with least privilege and input validation remediation

Criteria

Without context

With context

Plugin referenced

62%

Severity per finding

100%

GetCustomerProfile flagged

100%

SearchCustomers ORDER BY flagged

100%

Parameterized queries in customer_queries.go

100%

Parameterized queries in admin_queries.go

100%

ORDER BY allowlist fix

100%

Admin account risk explained

100%

Least privilege configuration recommended

100%

Separate read/write roles suggested

100%

Input validation recommended

100%

Tenant isolation risk noted

100%

Without context: $0.3861 · 3m 26s · 12 turns · 13 in / 8,074 out tokens

With context: $0.6965 · 5m 34s · 30 turns · 60 in / 10,873 out tokens

Evaluated: 5 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

SQL Injection Security Assessment: Legacy Inventory System DevSecOps Runbook: SQL Injection Scanning Procedure Secure Code Review: Customer Portal Backend Security Review: Database Layer Pull Request Developer Security Onboarding: SQL Injection Prevention Guide SQL Injection Security Architecture for a Healthcare API Inventory Management System Security Audit Security Onboarding Package for New Engineering Team SaaS Customer Data API Security Assessment

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.