Universal SQL code review assistant that performs comprehensive security, maintainability, and code quality analysis across all SQL databases (MySQL,…
Comprehensive SQL security, performance, and quality analysis across MySQL, PostgreSQL, SQL Server, and Oracle databases.
Analyzes SQL injection vulnerabilities, access control issues, and sensitive data exposure with parameterized query examples for each database platform
Reviews query performance through index strategy, join optimization, and anti-pattern detection (N+1 queries, function misuse in WHERE clauses, overuse of DISTINCT)
Evaluates code quality including naming conventions, formatting, schema normalization, and appropriate data type choices
Provides database-specific guidance for PostgreSQL (JSONB, GIN indexes), MySQL (storage engines), SQL Server (columnstore indexes), and Oracle (sequences)
Delivers structured output with priority-ranked issues, before/after code examples, and scoring across security, performance, maintainability, and schema quality
SQL Code Review
Perform a thorough SQL code review of ${selection} (or entire project if no selection) focusing on security, performance, maintainability, and database best practices.
🔒 Security Analysis
SQL Injection Prevention
-- ❌ CRITICAL: SQL Injection vulnerability
query = "SELECT * FROM users WHERE id = " + userInput;
query = f"DELETE FROM orders WHERE user_id = {user_id}";
-- ✅ SECURE: Parameterized queries
-- MySQL syntax (set @user_id before EXECUTE)
-- PostgreSQL's PREPARE differs: PREPARE stmt (int) AS SELECT ... WHERE id = $1; EXECUTE stmt(value);
PREPARE stmt FROM 'SELECT * FROM users WHERE id = ?';
EXECUTE stmt USING @user_id;
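The string-built queries flagged above can be detected mechanically during review. This is an added example, not part of the original prompt or the assistant's own implementation: a heuristic Python `ast` check that reports SQL strings assembled by concatenation, f-strings, `%` formatting or `str.format()`. The function names and the last two sample lines are constructed for illustration; the first two sample lines are the vulnerable lines from the page, which parse as Python.

```python
import ast
import re

# Heuristic: a string literal counts as SQL text if it starts with one of these.
SQL_START = re.compile(r"\s*(SELECT|INSERT|UPDATE|DELETE)\b", re.IGNORECASE)
# Node types that carry a value only known at run time.
RUNTIME_NODES = (ast.Name, ast.Attribute, ast.Subscript, ast.FormattedValue)

def _construction(node):
    """Name the string-building construct this node represents, if any."""
    if isinstance(node, ast.JoinedStr):
        return "f-string interpolation"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return "string concatenation"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return "% formatting"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return "str.format()"
    return None

def _has_sql_literal(node):
    """True if any string constant inside the expression looks like SQL."""
    return any(isinstance(n, ast.Constant) and isinstance(n.value, str)
               and SQL_START.match(n.value) for n in ast.walk(node))

def find_dynamic_sql(source):
    """Return [(line, construct)] for SQL strings built from runtime values."""
    findings = {}
    for node in ast.walk(ast.parse(source)):
        construct = _construction(node)
        if construct is None or not _has_sql_literal(node):
            continue
        if any(isinstance(n, RUNTIME_NODES) for n in ast.walk(node)):
            # ast.walk is breadth-first, so the outermost construct on a line wins.
            findings.setdefault(node.lineno, construct)
    return sorted(findings.items())

# Constructed sample: lines 1-2 are the page's vulnerable queries, line 3 is a
# parameterized driver call, line 4 is non-SQL concatenation (must not be flagged).
SAMPLE = '''\
query = "SELECT * FROM users WHERE id = " + userInput;
query = f"DELETE FROM orders WHERE user_id = {user_id}";
cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
label = "row " + str(n)
'''

if __name__ == "__main__":
    for line, construct in find_dynamic_sql(SAMPLE):
        print(f"line {line}: SQL built with {construct}; use bind parameters")
```

The check only sees literals that begin with a statement keyword, so it will miss queries assembled from fragments and should supplement, not replace, manual review.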