surf-codebase
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Indirect Prompt Injection Surface.
  - Ingestion points: Untrusted data enters the agent context through READ_PAGE and src/content/accessibility-tree.ts.
  - Boundary markers: Documentation does not indicate use of delimiters or instructions to ignore embedded instructions for web content.
  - Capability inventory: The skill provides high-privilege tools like EXECUTE_CLICK, EXECUTE_TYPE, and direct CDP access in src/cdp/controller.ts.
  - Sanitization: No sanitization or validation of external web content is mentioned.
Audit Metadata