surf-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires running "surf sync" to download an API spec and using CLI commands like "surf market-price" to fetch sample data (and to read generated CLAUDE.md and SDK/readme files), meaning the agent will ingest public third‑party API/spec/data that it must interpret to choose endpoints/hooks and thereby can materially alter its actions.