surf

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). High risk: the skill instructs users to curl-and-sh a remote install.sh hosted on agent.asksurf.ai (running arbitrary shell scripts from a non-well-known/unverified domain is a common malware vector); the api.asksurf.ai URL itself is just an API endpoint but supports the potentially untrusted CLI installer.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly exposes fetching public, user-generated content via the "social" endpoints (e.g., surf social-user --handle ...) and the "web" domain ("Fetch/parse any URL"), so the agent can ingest untrusted third-party pages and posts that could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup explicitly runs a remote install script via "curl -fsSL https://agent.asksurf.ai/cli/releases/install.sh | sh", which downloads and executes remote code at runtime and is required for the skill's CLI functionality.