detecting-sql-injection-vulnerabilities | sql-injection-detector | ClaudePluginHub

Skill

Community

detecting-sql-injection-vulnerabilities

From sql-injection-detector

927

Description

Detect and analyze SQL injection vulnerabilities in application code and database queries. Use when you need to scan code for SQL injection risks, review query construction, validate input sanitization, or implement secure query patterns. Trigger with phrases like "detect SQL injection", "scan for SQLi vulnerabilities", "review database queries", or "check SQL security".

AI Summary

Scans application code for SQL injection vulnerabilities by analyzing query construction and input validation. Use when you need to detect SQLi risks, review database queries, or implement secure parameterized query patterns.

Install

1

Add the repository(one-time)

$

/plugin marketplace add jeremylongshore/claude-code-plugins-plus-skills

2

Install the plugin

$

/plugin install sql-injection-detector@claude-code-plugins-plus

Tool Access

This skill is limited to using the following tools:

ReadWriteEditGrepGlobBash(code-scan:*)Bash(security-test:*)

Supporting Assets

View in Repository

assets/README.md

assets/sqli_payloads.json

references/README.md

references/critical-findings.md

references/errors.md

references/examples.md

references/implementation.md

scripts/README.md

scripts/sqli_exploit.py

scripts/sqli_remediate.py

scripts/sqli_scan.py

Skill Content

Detecting Sql Injection Vulnerabilities

Overview

This skill provides automated assistance for the described functionality.

Prerequisites

Before using this skill, ensure:

Application source code accessible in {baseDir}/
Database query files and ORM configurations available
Framework information (Django, Rails, Express, Spring, etc.)
Write permissions for security reports in {baseDir}/security-reports/

Instructions

Identify input surfaces and data flows into database queries.
Review query construction and parameterization patterns.
Flag injection vectors and document impact.
Recommend fixes (parameterized queries, ORM patterns, validation) and tests.

See {baseDir}/references/implementation.md for detailed implementation guide.

Output

The skill produces:

Primary Output: SQL injection vulnerability report saved to {baseDir}/security-reports/sqli-scan-YYYYMMDD.md

Report Structure:

# SQL Injection Vulnerability Report
Scan Date: 2024-01-15
Application: E-commerce Platform
Framework: Django 4.2

## Error Handling

See `{baseDir}/references/errors.md` for comprehensive error handling.

## Examples

See `{baseDir}/references/examples.md` for detailed examples.

## Resources

- SQL Injection Prevention Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
- OWASP Top 10 - Injection: https://owasp.org/www-project-top-ten/
- CWE-89: SQL Injection: https://cwe.mitre.org/data/definitions/89.html
- CAPEC-66: SQL Injection: https://capec.mitre.org/data/definitions/66.html
- Django Security: https://docs.djangoproject.com/en/stable/topics/security/

Links

GitHub Stats

113 forks

Updated 3 days ago

Similar Skills

Use when working with Payload CMS projects (payload.config.ts, collections, fields, hooks, access control, Payload API). Use when debugging validation errors, security issues, relationship queries, transactions, or hook behavior.

39.8k

gitops-workflow

Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.

kubernetes-operations

24.8k

helm-chart-scaffolding

Design, organize, and manage Helm charts for templating and packaging Kubernetes applications with reusable configurations. Use when creating Helm charts, packaging Kubernetes applications, or implementing templated deployments.

kubernetes-operations

24.8k