This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.
8.1
Rating
0
Installs
Security
Category
This is a comprehensive and well-structured SQL injection testing skill. The description clearly defines when to invoke the skill with multiple trigger phrases. The task knowledge is excellent, providing detailed detection methods, exploitation techniques across multiple attack vectors (UNION, error-based, blind, time-based, OOB), bypass techniques, and database-specific payloads. The structure is logical with clear phases, quick reference tables, and practical examples. Legal/ethical constraints are appropriately emphasized. The skill demonstrates novelty by consolidating extensive SQLi knowledge that would require many tokens for a CLI agent to reproduce, though SQLi testing itself is a well-established security practice. Minor improvement areas: could benefit from separating some extensive payload lists into referenced files for even cleaner structure, and adding tool automation scripts. Overall, this is a highly practical, actionable skill that meaningfully reduces the cognitive and token load for penetration testing tasks.
davila7
Skill Author
Loading SKILL.md…
