cyberneticlibrary

Detect SQL injection vulnerabilities

sast-sqliskillsetup L3★0

reasonless-throne486/sast-skills ↗

What it does

Detect SQL injection in queries and stored procedures

Best for

Finding SQLi across authentication and bulk data endpoints in large codebases

Inputs

· codebase
· sast/architecture.md

Outputs

· sast/sqli-results.md (SQL sinks + unsanitized parameter traces)

Requires

· Subagents (batched), code analysis

Preconditions

sast/architecture.md exists, SQL queries visible (ORM or raw), parameter sources identified

Failure modes

· Parameterized queries flagged as vulnerable (false positive)
· String concatenation in non-SQL contexts flagged (false positive)
· Complex ORMs hide parameter passing (missed)
· Stored procedures not analyzed

Trust signals

· Distinguishes concat from parameterized calls
· Shows query construction code paths
· Covers ORM (SQLAlchemy, Django ORM) and raw SQL