audit-website

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to crawl and audit live websites (e.g., "squirrel audit https://example.com --format llm" and "You should PREFER to audit live websites" in SKILL.md and the LLM output docs showing piping audit output to an agent), so it fetches and ingests untrusted public web content which the agent reads and uses to decide fixes and spawn subagents.