surf-app
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes a remote package using
npx create-surf-app .to scaffold the project structure. This represents execution of code from the NPM registry. - [EXTERNAL_DOWNLOADS]: The skill performs
npm installin both thebackendandfrontenddirectories, downloading numerous third-party dependencies from the NPM registry. - [COMMAND_EXECUTION]: The skill runs multiple shell commands, including starting development servers (
npm run dev), inspecting local files (cat,grep), and performing local network health checks (curlto localhost). - [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection by instructing the agent to read and obey "rules" defined in generated project files.
- Ingestion points:
CLAUDE.md,frontend/node_modules/@surf-ai/sdk/README.md,frontend/node_modules/@surf-ai/theme/CHARTS.md. - Boundary markers: Absent; the agent is explicitly told to read these files "BEFORE writing any code" and to follow the rules found within.
- Capability inventory: Remote package execution (
npx), package installation (npm), network requests (curl), and file system access (cat,grep). - Sanitization: None; the agent is directed to treat the content of these external files as authoritative project constraints.
Audit Metadata