Surf Skill — One Skill, All Crypto Data

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documents an installation and upgrade procedure using curl -fsSL https://agent.asksurf.ai/cli/releases/install.sh | sh. This script is hosted on the vendor's domain and is used to deploy the skill's primary CLI tool.
  • [COMMAND_EXECUTION]: The skill uses the bash tool to execute surf commands, manage authentication, and write API feedback logs to ~/.surf/api-feedback/ on the local filesystem.
  • [PROMPT_INJECTION]: The skill processes untrusted data from crypto API responses, presenting a surface for indirect prompt injection. Mandatory Evidence: (1) Ingestion points: Data returned from surf command output. (2) Boundary markers: Present in the 'Data Boundary' section of SKILL.md. (3) Capability inventory: bash tool and file system write access. (4) Sanitization: The skill instructs the agent to treat returned content as data only and to avoid executing instructions found within results.
  • [CREDENTIALS_UNSAFE]: The skill mentions the SURF_API_KEY environment variable and describes how to save keys to the system keychain via surf auth. No hardcoded secrets were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 12:19 AM
Security Audit — agent-trust-hub — Surf Skill — One Skill, All Crypto Data