Sql Injection Detector - Auto-activating skill for Security Fundamentals. Triggers on: sql injection detector, sql injection detector. Part of the Security Fundamentals skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill sql-injection-detector
Overall score: 19%
Does it follow best practices?
Validation for skill structure
Activation: 7%
This description is severely lacking in all key areas. It provides only the skill name and category without explaining what the skill does, what actions it performs, or when Claude should select it. The description reads like auto-generated boilerplate rather than a useful guide for skill selection.
Suggestions
Add concrete actions describing what the skill does, e.g., 'Scans code for SQL injection vulnerabilities, identifies unsanitized user inputs, and suggests parameterized query fixes.'
Include a 'Use when...' clause with natural trigger terms like 'Use when reviewing code for SQL injection, checking database queries, auditing security vulnerabilities, or when user mentions SQL security, input sanitization, or query parameters.'
Remove the redundant duplicate trigger term and expand with variations users would naturally say, such as 'SQL security', 'database vulnerability', 'injection attack', 'sanitize queries'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description only names the skill ('Sql Injection Detector') without describing any concrete actions. There are no verbs indicating what the skill actually does - no mention of scanning, detecting, analyzing, or reporting. | 1 / 3 |
| Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no 'Use when...' clause and no explanation of the skill's functionality beyond its name. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'sql injection detector' repeated twice, which is the skill name itself. Missing natural user phrases like 'check for SQL injection', 'security vulnerability', 'sanitize input', 'database security', or 'query injection'. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'SQL injection' is fairly specific to a security domain, which provides some distinctiveness. However, without describing what actions it performs, it could conflict with other security-related skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation: 0%
This skill is essentially a placeholder template with no actual content about SQL injection detection. It contains only generic boilerplate describing what a skill should do without any concrete techniques, code examples, detection patterns, or actionable guidance for identifying SQL injection vulnerabilities.
Suggestions
Add concrete code examples showing SQL injection detection patterns (e.g., regex patterns for common injection signatures, parameterized query validation)
Include specific detection techniques: input validation rules, prepared statement verification, common attack pattern recognition
Provide a clear workflow: 1) Identify user input points, 2) Check for parameterization, 3) Scan for concatenation patterns, 4) Validate findings
Remove all generic boilerplate ('provides automated assistance', 'follows best practices') and replace with actual SQL injection detection content
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing specific about SQL injection detection. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude already understands. | 1 / 3 |
| Actionability | No concrete code, commands, or specific techniques for detecting SQL injection are provided. The content describes what the skill does abstractly but gives zero executable guidance on how to actually detect SQL injection. | 1 / 3 |
| Workflow Clarity | No workflow, steps, or process is defined. The skill claims to provide 'step-by-step guidance' but contains none. There are no validation checkpoints or sequences for SQL injection detection. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block of vague descriptions with no references to detailed materials, examples, or related documentation. No structure for discovery or navigation to deeper content. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation: 69% (11 / 16 Passed)
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 11 / 16 Passed | |