audit-website
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (CRITICAL): Automated scans detected that the tool is installed using the pattern 'curl | bash' from squirrelscan.com. This allows arbitrary code execution from an untrusted source, which can lead to complete system compromise.
- [Unverifiable Dependencies] (HIGH): The skill depends on software hosted at squirrelscan.com, which is not a trusted repository or organization. This makes the code unverifiable and exposes the user to supply-chain risks.
- [Indirect Prompt Injection] (MEDIUM): The format is designed for AI agents to consume crawled web data (e.g., meta titles, descriptions). This presents a vulnerability where external content could contain hidden instructions to override agent behavior, especially if the agent uses the 'Fix' suggestions to perform automated actions.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://squirrelscan.com/install - DO NOT USE
- AI detected serious security threats
Audit Metadata