audit-website
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The installation instructions for macOS/Linux (curl -fsSL https://squirrelscan.com/install | bash) and Windows (irm https://squirrelscan.com/install.ps1 | iex) use piped remote execution from an untrusted domain (squirrelscan.com). This allows arbitrary code to run with user privileges without verification.
- Indirect Prompt Injection (HIGH): The skill audits external websites, which are attacker-controlled sources. Malicious instructions embedded in web content could manipulate the LLM's audit summary and the resulting code repairs. 1. Ingestion points:
squirrel audit [URL]as defined in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Network crawling, local database writes (~/.squirrel), and downstream code modification instructions for the agent. 4. Sanitization: Absent. - External Downloads (MEDIUM): The skill depends on binary downloads from squirrelscan.com, which is not included in the Trusted External Sources list.
- Persistence Mechanisms (MEDIUM): The installer automatically modifies the system PATH and creates persistent directories in the user's home folder (~/.squirrel), which could be leveraged if the installation script is compromised.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://squirrelscan.com/install - DO NOT USE
- AI detected serious security threats
Audit Metadata