sql-injection-anti-pattern
Installation
SKILL.md
SQL Injection Anti-Pattern
Severity: Critical
Summary
Attackers execute arbitrary SQL commands by manipulating user input. String concatenation in queries (frequently AI-generated from insecure training data) enables database compromise, data exfiltration, authentication bypass, and remote code execution.
The Anti-Pattern
The anti-pattern is concatenating user data into SQL statements, allowing attackers to break query structure and inject malicious SQL.
BAD Code Example
# VULNERABLE: String concatenation creates injection vector.
import sqlite3