injection-prevention
Injection Prevention (OWASP A01)
Prevent SQL, NoSQL, Command, and other injection attacks by validating and sanitizing all user input.
When to Use
- Reviewing code that builds SQL/NoSQL queries
- Code that executes shell commands
- Any place user input reaches an interpreter
- Building APIs that accept user data
- Migrating from string concatenation to parameterized queries
Injection Types
| Type | Danger | Common Locations |
|---|---|---|
| SQL Injection | CRITICAL | Database queries, ORMs with raw queries |
| NoSQL Injection | CRITICAL | MongoDB, Redis, Elasticsearch queries |
| Command Injection | CRITICAL | Shell exec, system calls, child_process |
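
The SQL and command rows of the table, as an added example (not part of the original skill): a string-concatenated query next to its parameterized form, and a command run from an argument list with no shell. The table, sample rows, function names and the `CRAFTED` input are constructed for illustration.

```python
import sqlite3
import subprocess
import sys

def make_db():
    """Constructed in-memory table with two sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_user_concat(db, name):
    # BEFORE: user input becomes part of the SQL text itself.
    return db.execute(
        "SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def find_user_param(db, name):
    # AFTER: the driver binds the value; it is never parsed as SQL.
    return db.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def echo_argv(value):
    # Command execution without a shell: each list element is one argv
    # entry, so metacharacters in `value` reach the program as plain data.
    out = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True)
    return out.stdout.rstrip("\n")

# Constructed input that changes the meaning of a concatenated query.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(find_user_concat(db, CRAFTED))    # every row comes back
    print(find_user_param(db, CRAFTED))     # no rows: treated as a literal name
    print(echo_argv("a.txt; echo hi"))      # printed verbatim, nothing executed
```

When reviewing code, the concatenated form is the pattern to search for; the parameterized form and the argument-list call are the replacements.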