This skill enables Claude to detect SQL injection vulnerabilities in code. It uses the sql-injection-detector plugin to analyze codebases, identify potential SQL injection flaws, and provide remediation guidance. Use this skill when the user asks to find SQL injection vulnerabilities, scan for SQL injection, or check code for SQL injection risks. The skill is triggered by phrases like "detect SQL injection", "scan for SQLi", or "check for SQL injection vulnerabilities".
Install with Tessl CLI: `npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill detecting-sql-injection-vulnerabilities`
Quality: 60% (does it follow best practices?)
Impact: 92% (1.13x average score across 9 eval scenarios)
Optimize this skill with Tessl: `npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/sql-injection-detector/skills/sql-injection-detector/SKILL.md`

Discovery: 100%. Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It clearly specifies concrete capabilities, includes comprehensive trigger terms with natural variations (SQL injection, SQLi), explicitly states when to use the skill, and occupies a distinct niche that won't conflict with other skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple concrete actions: 'detect SQL injection vulnerabilities', 'analyze codebases', 'identify potential SQL injection flaws', and 'provide remediation guidance'. Uses third person voice correctly. | 3 / 3 |
| Completeness | Clearly answers both what (detect vulnerabilities, analyze codebases, provide remediation) AND when, with an explicit 'Use this skill when...' clause and specific trigger phrases listed. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'SQL injection', 'SQLi', 'scan for SQL injection', 'check for SQL injection vulnerabilities', 'find SQL injection vulnerabilities'. Includes both formal and abbreviated forms. | 3 / 3 |
| Distinctiveness / Conflict Risk | Very specific niche focused on SQL injection detection. Unlikely to conflict with general code analysis or other security scanning skills due to the explicit SQL injection focus and specific trigger terms. | 3 / 3 |
| Total | | 12 / 12 (Passed) |
Implementation: 20%. Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is overly verbose and lacks actionable guidance. It explains concepts Claude already understands (SQL injection basics, generic security best practices) while failing to provide the concrete information needed: actual plugin commands, parameter syntax, output format examples, or specific remediation code patterns. The content reads more like marketing copy than technical documentation.
Suggestions:
- Replace abstract descriptions with concrete plugin invocation syntax (e.g., `sql-injection-detector scan --path ./src --output report.json`)
- Add executable code examples showing vulnerable patterns and their secure alternatives, not just descriptions of what the skill 'will do'
- Remove the generic best practices section (parameterized queries, input validation); Claude already knows these. Instead, show project-specific remediation patterns
- Include an example of the plugin's output format so Claude knows how to parse and present results to users
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose, with unnecessary explanations of things Claude already knows (what SQL injection is, generic best practices like input validation). The overview restates the description, and sections like 'How It Works' describe obvious plugin behavior rather than providing actionable guidance. | 1 / 3 |
| Actionability | No concrete code, commands, or executable examples. The 'Examples' section describes what the skill will do abstractly rather than showing actual plugin invocation syntax, command-line usage, or expected output formats. | 1 / 3 |
| Workflow Clarity | Steps are listed in 'How It Works' but lack specifics on how to actually invoke the plugin, what parameters to pass, or how to interpret results. No validation checkpoints or error handling guidance for when scans fail or produce false positives. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections, but everything is inline with no references to external documentation. The 'Integration' section mentions other tools but provides no links or concrete guidance on how to combine them. | 2 / 3 |
| Total | | 6 / 12 (Passed) |
Validation: 100%. Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation for skill structure: 11 / 11 passed. No warnings or errors.