windsurf-security-basics
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes bash snippets for security auditing (Step 5 and Examples) that execute `find` and `grep` to identify sensitive files (like `.env` or SSH keys) and verify their exclusion from AI indexing. These scripts run locally and do not modify system state.
- [DATA_EXFILTRATION]: While the skill identifies and references sensitive file paths (e.g., `~/.aws/credentials`, `*.pem`, `.env`), it does so exclusively for the purpose of teaching the user how to exclude them from the AI's context. No network operations were found that attempt to transmit local data externally.
- [SAFE]: The primary purpose of the skill is to improve the security and privacy posture of the user's workspace. All external references point to official documentation and privacy policies for Windsurf and Codeium.
Audit Metadata