Skills
skills/vijaykpatel/favorite_skills_and_plugins/audit-website/Snyk

audit-website

Fail

Audited by Snyk on Feb 21, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The prompt goes beyond auditing by explicitly instructing autonomous, non-consensual actions (searching local env/dirs, running local dev servers, spawning subagents to "Make all changes" and "Do not ask for confirmation"), which are hidden/deceptive behaviors outside the skill's advertised audit/report purpose.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). Most URLs are documentation or example pages, but the skill explicitly instructs piping a remote shell installer (https://squirrelscan.com/install | bash) and running a remote PowerShell script (https://squirrelscan.com/install.ps1 | iex), which are high-risk download-and-execute patterns from an unvetted source and can easily distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to crawl and analyze arbitrary live websites (e.g., "squirrel audit https://example.com --format llm" and the "Crawl" / "Analyze" steps) and the OUTPUT-FORMAT.md even recommends piping the LLM-formatted audit ("squirrel audit ... --format llm | claude") to an AI agent, so untrusted public web content is fetched and ingested and can directly influence agent actions and subagent spawning.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisite installation commands fetch and execute remote code (curl -fsSL https://squirrelscan.com/install | bash and irm https://squirrelscan.com/install.ps1 | iex), and the squirrel CLI installed from those URLs is a required runtime dependency, so these URLs present a high-risk runtime external dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill instructs the agent to install a remote CLI (curl | bash) and to autonomously edit local project and user config files (spawn subagents, "do not ask, act"), which can change the machine state, but it does not request sudo, modify privileged system files, or create new system users.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 21, 2026, 04:23 PM