Sql Injection Detector - Auto-activating skill for Security Fundamentals. Triggers on: sql injection detector, sql injection detector Part of the Security Fundamentals skill category.
35
3%
Does it follow best practices?
Impact
94%
0.98x average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl:
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/sql-injection-detector/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely minimal, essentially just restating the skill name and category without providing any actionable detail about what the skill does or when it should be used. It lacks concrete actions, natural trigger terms, and explicit usage guidance, making it nearly useless for skill selection among multiple options.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Scans source code for SQL injection vulnerabilities, identifies unsanitized user inputs in database queries, and suggests parameterized query replacements.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about SQL injection, database security, input sanitization, parameterized queries, or wants to audit code for SQLi vulnerabilities.'
Remove the redundant duplicate trigger term ('sql injection detector' listed twice) and expand with varied natural language terms users might actually say, such as 'SQL security', 'query injection', 'database vulnerability', or 'SQLi detection'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description only names the skill ('Sql Injection Detector') and its category ('Security Fundamentals') but does not describe any concrete actions like scanning code, identifying vulnerable queries, or suggesting parameterized queries. | 1 / 3 |
| Completeness | The description fails to answer both 'what does this do' (no concrete actions described) and 'when should Claude use it' (no explicit 'Use when...' clause or equivalent trigger guidance). It only states the skill name and category. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'sql injection detector' repeated twice. It misses natural user phrases like 'SQL injection', 'vulnerable queries', 'parameterized queries', 'input sanitization', 'database security', or 'SQLi'. | 1 / 3 |
| Distinctiveness / Conflict Risk | The term 'sql injection' is fairly specific to a niche domain, which provides some distinctiveness. However, the lack of concrete actions means it could overlap with other security-related skills that also deal with SQL or injection vulnerabilities. | 2 / 3 |
| Total | | 5 / 12 Passed |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty shell with no actual content. It consists entirely of auto-generated boilerplate that describes what a SQL injection detector skill would do without providing any actual detection logic, code examples, patterns, or actionable guidance. It fails on every dimension as it teaches Claude nothing it doesn't already know.
Suggestions
Add concrete SQL injection detection code examples (e.g., parameterized query patterns, regex patterns for common injection vectors, input validation functions) that are copy-paste ready.
Include a clear workflow: 1) Identify input sources, 2) Apply detection patterns, 3) Validate/sanitize inputs, 4) Log and respond to detected attempts — with specific code at each step.
Remove all boilerplate meta-descriptions ('This skill provides automated assistance...', 'Example Triggers', etc.) and replace with actual technical content such as OWASP-aligned detection rules and safe query construction patterns.
Add concrete examples showing vulnerable code vs. secure code side-by-side, covering common injection types (union-based, blind, time-based).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is entirely filler and boilerplate. It explains nothing Claude doesn't already know, repeats 'sql injection detector' excessively, and provides zero actual technical content about detecting SQL injection. | 1 / 3 |
| Actionability | There are no concrete code examples, commands, detection patterns, regex patterns, or any executable guidance whatsoever. The content only describes what the skill supposedly does without actually providing any instructions on how to do it. | 1 / 3 |
| Workflow Clarity | No workflow, steps, or process is defined. The skill claims to provide 'step-by-step guidance' but contains none. There are no validation checkpoints or any sequenced instructions. | 1 / 3 |
| Progressive Disclosure | The content is a flat, repetitive structure with no references to detailed materials, no links to related files, and no meaningful organization of content across sections. The sections that exist are all meta-descriptions rather than actual content. | 1 / 3 |
| Total | | 4 / 12 Passed |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 Passed |
c8a915c