surf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext secrets (passwords, tokens, cookie values) directly into CLI commands and workflow arguments (e.g., --password "secret", cookie.set --value "abc123", surf do with password arg), which would require the LLM to handle and emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates and ingests arbitrary public web content (e.g., surf go "URL", surf page.read / surf page.text, frame.switch + page.read, and AI commands like surf grok or --with-page) from third‑party sites including social media, and those page contents are used in workflows and AI queries that can change subsequent tool actions.