audit-website

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The prompt ostensibly advertises a read-only website audit/reporting skill but contains explicit, non-transparent instructions to autonomously search local env/vars, spawn subagents, and make code/content changes ("Do not ask, act" / "Make all changes") which compel behavior outside the skill's stated purpose and override user consent.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The links point to a third‑party CLI site that exposes direct install endpoints (curl | bash and a .ps1 PowerShell installer) — a common legitimate pattern but inherently risky because executing remote scripts or installing binaries from a non‑well‑known domain without verification can distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly crawls and fetches arbitrary live websites and external links (e.g., "squirrel audit https://example.com", "Crawl: Discovers and fetches pages starting from the base URL") and produces LLM-formatted reports from that fetched page content, so the agent will ingest untrusted public/third‑party content.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 12:32 AM