Which programming frameworks are supported?

The skill is framework-agnostic but provides specific guidance for popular ecosystems including Django, Ruby on Rails, Express (Node.js), and Spring (Java).

Does it provide automated fixes for security bugs?

While it identifies the vulnerabilities, it focuses on providing expert remediation recommendations and code patterns for the developer to review and implement safely.

How does this skill find SQL injection vulnerabilities?

It uses a combination of pattern matching, grep-based scanning, and data flow analysis to identify where user input reaches database queries without proper sanitization or parameterization.

Where are the security scan reports saved?

Reports are automatically generated and saved as Markdown files within the {baseDir}/security-reports/ directory for easy tracking and documentation.

SQL Injection Vulnerability Detector

Name: SQL Injection Vulnerability Detector
Author: jeremylongshore

byjeremylongshore

•

1,031

安全与测试

Identifies and mitigates SQL injection risks by analyzing application source code and database query patterns.

关于

This skill empowers developers to proactively secure their applications by automating the detection and analysis of SQL injection vulnerabilities. By scanning source code, ORM configurations, and query construction patterns, it flags potential injection vectors, documents their impact, and provides actionable recommendations for remediation—such as parameterized queries and robust input validation—ensuring database integrity and application security across various frameworks like Django, Rails, and Express.

主要功能

Remediation guidance based on OWASP security standards
Automated source code scanning for SQLi risks
Data flow analysis from input surfaces to database queries
Detailed security reporting with impact documentation
Review of ORM configurations and raw SQL construction
1,031 GitHub stars

使用场景

Refactoring manual SQL queries into secure parameterized patterns
Reviewing new code submissions for potential injection vulnerabilities before deployment
Performing a security audit on legacy database-driven applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills detecting-sql-injection-vulnerabilities

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于