skills/asksurf-ai/surf-skills/surf/Gen Agent Trust Hub

surf

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an installation command (curl -fsSL https://agent.asksurf.ai/cli/releases/install.sh | sh) that fetches and executes a shell script from the vendor's domain.
  • [COMMAND_EXECUTION]: The skill extensively uses the bash tool to run the surf CLI tool for data retrieval, discovery, and authentication management.
  • [PROMPT_INJECTION]: The skill contains an explicit 'Data Boundary' section instructing the agent to treat API responses as untrusted external data and to avoid executing any instructions found within them, mitigating indirect prompt injection risks.
  • [EXTERNAL_DOWNLOADS]: The CLI tool performs network operations to the vendor's API gateway (api.asksurf.ai) to retrieve real-time crypto data and metadata.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 10:49 PM