```shell
tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill detecting-sql-injection-vulnerabilities
```

This skill enables Claude to detect SQL injection vulnerabilities in code. It uses the sql-injection-detector plugin to analyze codebases, identify potential SQL injection flaws, and provide remediation guidance. Use this skill when the user asks to find SQL injection vulnerabilities, scan for SQL injection, or check code for SQL injection risks. The skill is triggered by phrases like "detect SQL injection", "scan for SQLi", or "check for SQL injection vulnerabilities".
Validation: 81%

| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
| Total | 13 / 16 Passed | |
Implementation: 20%

This skill content is overly verbose and lacks actionable guidance. It explains concepts Claude already understands (SQL injection basics, generic security practices) while failing to provide the concrete plugin invocation syntax, command examples, or output formats needed to actually use the sql-injection-detector plugin.
Suggestions

- Replace abstract descriptions with concrete plugin invocation syntax (e.g., the actual command or function call to run the scanner)
- Add a real example showing an input code snippet and the expected scanner output format
- Remove generic SQL injection education (input validation, parameterized queries) that Claude already knows
- Include the specific parameters/options the plugin accepts and how to interpret severity levels in the output
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose with unnecessary explanations Claude already knows (what SQL injection is, generic best practices like input validation). The 'Overview' section restates the description, and 'How It Works' explains obvious plugin behavior without adding actionable value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable examples. The 'Examples' section describes what the skill will do abstractly rather than showing actual plugin invocation syntax, command-line usage, or output formats. | 1 / 3 |
| Workflow Clarity | Steps are listed in 'How It Works' but lack specifics on how to actually invoke the plugin, what parameters to pass, or how to interpret/validate results. No validation checkpoints or error handling guidance. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline without references to detailed documentation. The 'Best Practices' and 'Integration' sections add bulk without pointing to external resources for deeper information. | 2 / 3 |
| Total | 6 / 12 Passed | |
Activation: 100%

This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities, includes natural trigger terms with variations (SQL injection, SQLi), explicitly states when to use it, and carves out a distinct niche that won't conflict with other security or code analysis skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple concrete actions: 'detect SQL injection vulnerabilities', 'analyze codebases', 'identify potential SQL injection flaws', and 'provide remediation guidance'. Uses third person voice correctly. | 3 / 3 |
| Completeness | Clearly answers both what (detect vulnerabilities, analyze codebases, provide remediation) AND when, with an explicit 'Use this skill when...' clause listing specific trigger scenarios and phrases. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'SQL injection', 'SQLi', 'scan for SQL injection', 'check for SQL injection vulnerabilities', 'detect SQL injection'. Includes both formal and abbreviated forms. | 3 / 3 |
| Distinctiveness / Conflict Risk | Very specific niche focused on SQL injection detection. Clear distinction from general code analysis or other security scanning skills through explicit SQL injection terminology throughout. | 3 / 3 |
| Total | 12 / 12 Passed | |