surf-app

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run several shell commands to scaffold a project, install dependencies, and manage dev servers.
  • [EXTERNAL_DOWNLOADS]: Scaffolds the project using npx create-surf-app and installs vendor-provided libraries like @surf-ai/sdk and @surf-ai/theme. It also fetches an API specification using surf sync.
  • [DATA_EXFILTRATION]: Accesses the local .env file to retrieve the VITE_BACKEND_PORT variable for service health checks. While used locally, .env is considered a sensitive file path.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its data processing workflow.
    • Ingestion points: The surf CLI tool fetches market data and response schemas from external APIs (e.g., surf market-price).
    • Boundary markers: No isolation instructions or boundary markers are present to prevent the agent from interpreting instructions within the fetched data.
    • Capability inventory: The agent has full shell access to perform actions like npm install, npx execution, and file system modifications (cat, grep).
    • Sanitization: No data validation or sanitization steps are defined before processing the external content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 04:00 AM