Sql Injection Detector - Auto-activating skill for Security Fundamentals. Triggers on: sql injection detector, sql injection detector. Part of the Security Fundamentals skill category.
38
Quality: 7% (Does it follow best practices?)
Impact: 94%, 0.98x (Average score across 3 eval scenarios)
Passed: No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/sql-injection-detector/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder with no functional content. It only states the skill name, repeats the trigger term, and mentions a category without explaining what the skill does or when to use it. The description provides no value for skill selection among multiple options.
Suggestions
Add concrete actions describing what the skill does, e.g., 'Scans code for SQL injection vulnerabilities, identifies unsanitized user inputs, and suggests parameterized query fixes.'
Add a 'Use when...' clause with natural trigger terms like 'check for SQL injection', 'security audit', 'vulnerable database queries', 'sanitize SQL', or 'prevent injection attacks'.
Remove the redundant duplicate trigger term and replace with varied natural language phrases users would actually say when needing this functionality.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description only names the skill ('Sql Injection Detector') without describing any concrete actions. There are no verbs indicating what the skill actually does - no mention of scanning, detecting, analyzing, or reporting. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' (no actions described) and 'when should Claude use it' (no explicit use cases or trigger guidance beyond the redundant skill name). The 'Auto-activating skill' and 'Part of category' phrases are metadata, not functional descriptions. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'sql injection detector' repeated twice, which is the skill name itself. Missing natural user phrases like 'check for SQL injection', 'security scan', 'vulnerable queries', 'sanitize input', or 'database security'. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'SQL injection' is fairly specific to a security domain, which provides some distinctiveness. However, without describing what the skill actually does, it could conflict with other security-related skills that might also handle SQL injection scenarios. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
7%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a placeholder template with no actual content about SQL injection detection. It contains only generic boilerplate describing what a skill should do without any concrete detection techniques, code examples, regex patterns, or security guidance. The skill fails to teach Claude anything actionable about identifying SQL injection vulnerabilities.
Suggestions
Add concrete SQL injection detection patterns (e.g., regex for common payloads like ' OR 1=1, UNION SELECT, etc.)
Include executable code examples showing how to validate/sanitize user input or use parameterized queries
Provide a clear workflow: 1) Identify input sources, 2) Check for vulnerable patterns, 3) Validate findings, 4) Recommend fixes
Add references to OWASP SQL Injection Prevention Cheat Sheet or link to a detailed PATTERNS.md file with detection signatures
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing specific about SQL injection detection. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude already understands. | 1 / 3 |
| Actionability | No concrete code, commands, or specific techniques for detecting SQL injection are provided. The content describes what the skill does abstractly but gives zero executable guidance on how to actually detect SQL injection. | 1 / 3 |
| Workflow Clarity | No workflow, steps, or process for SQL injection detection is defined. The skill mentions 'step-by-step guidance' but provides none, and there are no validation checkpoints for security-critical operations. | 1 / 3 |
| Progressive Disclosure | The content has some structure with clear sections, but there are no references to detailed materials, examples, or external documentation. For a security topic, links to OWASP resources or detection pattern files would be expected. | 2 / 3 |
| Total | 5 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
994edc4