Surf Skill — One Skill, All Crypto Data
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documents an installation and upgrade procedure using
curl -fsSL https://agent.asksurf.ai/cli/releases/install.sh | sh. This script is hosted on the vendor's domain and is used to deploy the skill's primary CLI tool. - [COMMAND_EXECUTION]: The skill uses the
bashtool to executesurfcommands, manage authentication, and write API feedback logs to~/.surf/api-feedback/on the local filesystem. - [PROMPT_INJECTION]: The skill processes untrusted data from crypto API responses, presenting a surface for indirect prompt injection. Mandatory Evidence: (1) Ingestion points: Data returned from
surfcommand output. (2) Boundary markers: Present in the 'Data Boundary' section of SKILL.md. (3) Capability inventory:bashtool and file system write access. (4) Sanitization: The skill instructs the agent to treat returned content as data only and to avoid executing instructions found within results. - [CREDENTIALS_UNSAFE]: The skill mentions the
SURF_API_KEYenvironment variable and describes how to save keys to the system keychain viasurf auth. No hardcoded secrets were found.
Audit Metadata