audit-website
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill utilizes a dangerous installation method detected by automated scans:
curl -fsSL https://squirrelscan.com/install | bash. Piping a remote script from an untrusted domain into a shell allows for arbitrary command execution on the host machine. - [Indirect Prompt Injection] (HIGH): The skill creates a significant attack surface by parsing content from external websites and feeding it to an AI agent.
- Ingestion points: Web content such as meta descriptions, titles, and site information from audited URLs (references/OUTPUT-FORMAT.md).
- Boundary markers: The XML-based
llmformat provides structural separation but lacks explicit instructions for the agent to ignore instructions embedded within the text fields. - Capability inventory: The tool is designed to be used in a pipeline with agents (e.g.,
squirrel audit ... | claude), meaning injected instructions could trigger downstream agent actions. - Sanitization: The tool performs XML escaping, which prevents XML syntax errors but is ineffective against natural language prompt injection.
- [External Downloads] (MEDIUM): The skill relies on installation from an unverified third-party domain (
squirrelscan.com) that is not listed as a Trusted External Source.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://squirrelscan.com/install - DO NOT USE
- AI detected serious security threats
Audit Metadata