audit-website

Result: Fail

Audited by Socket on Feb 22, 2026

1 alert found:

Malware (severity: HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
- [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
- [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
- [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

The document is legitimate operational guidance for a website-audit tool that relies on an external closed-source CLI ('squirrel'). There is no direct malicious content in the instructions, but the described patterns (download-and-execute of a third-party binary without verification, automated parallel edits via subagents, and granting shell execution capability) constitute meaningful supply-chain and operational risks. Treat usage as potentially dangerous until the binary distribution is verifiable (signatures/checksums), subagent edits are strictly gated by human review, and audits are run in constrained environments. Recommend adding explicit integrity verification steps, minimizing privileges for the binary, and requiring interactive approvals for any file modifications.

LLM verification: This SKILL.md is functionally coherent: it documents a website audit skill that uses an external CLI (squirrel). There is no evidence of embedded malicious code, hardcoded secrets, or obfuscation inside the skill file. However, it instructs users to download and execute a third-party binary (squirrelscan.com/download) without providing integrity checks, and it encourages spawning subagents to apply fixes automatically to live sites or local code. Those two elements — download-and-execute and aut
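One way to add the integrity verification step the findings call for, as an added example that is not part of the audited SKILL.md or of Socket's report: a POSIX shell routine that refuses to install a downloaded binary unless its SHA-256 matches a pinned value, and installs it read-only into a per-user directory so no root privilege is involved. The download URL is not contacted; the fetched artifact is stood in for by a constructed local file, and the digest value, install path and 'squirrel' stub are placeholders.

```shell
#!/bin/sh
# Added example (not from the audited SKILL.md): pin-and-verify install of a
# third-party binary. The "download" is a constructed local file so this runs
# offline; the pinned digest and install path are placeholder assumptions.
set -eu

# SHA-256 of a file, portable across GNU coreutils and BSD/macOS userlands.
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_and_install FILE EXPECTED_SHA256 DEST
# Installs FILE to DEST with mode 0555 (no write bit) only if its digest
# matches EXPECTED_SHA256; otherwise returns 1 and leaves DEST untouched.
verify_and_install() {
    file="$1"; expected="$2"; dest="$3"
    actual="$(digest_of "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "integrity check failed for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    mkdir -p "$(dirname "$dest")"
    # install(1) copies with an explicit mode into a per-user bin directory,
    # so no root privilege is needed and the binary is read-only once in place.
    install -m 0555 "$file" "$dest"
    return 0
}

# --- constructed fixture standing in for the artifact fetched from the download URL ---
workdir="$(mktemp -d)"
printf '#!/bin/sh\necho squirrel stub\n' > "$workdir/squirrel.download"
# Placeholder: in real use this value is published by the vendor out-of-band
# and committed into SKILL.md, never computed from the download itself.
pinned="$(digest_of "$workdir/squirrel.download")"

# Untampered file is installed; a modified file is refused.
verify_and_install "$workdir/squirrel.download" "$pinned" "$workdir/bin/squirrel" && echo "installed $workdir/bin/squirrel"
printf 'echo extra\n' >> "$workdir/squirrel.download"
if verify_and_install "$workdir/squirrel.download" "$pinned" "$workdir/bin/squirrel-tampered"; then
    echo "BUG: tampered file installed"
else
    echo "tampered file refused"
fi
```

The check only has value when the pinned digest reaches the skill author over a channel independent of the download (signed release notes, a vendor-published checksum file whose signature is verified, or a value committed in the repository); computing it from the same artifact it is compared against, as the fixture above does purely so the example can run, proves nothing. Where the vendor signs releases, verifying the signature on the checksum file with the vendor's published key belongs in the same step.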

Confidence: 98%
Severity: 90%
Audit Metadata
Analyzed At
Feb 22, 2026, 04:40 AM
Package URL
pkg:socket/skills-sh/Jackiexiao%2Fjackie-skills-starter%2Faudit-website%2F@e25cf15a15f4b29697d94e7c041b5350cde929e7