
surfpool

Fail

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions in SKILL.md, resources/cli-reference.md, and docs/troubleshooting.md promote the use of 'curl -sL https://run.surfpool.run/ | bash'. This pattern allows the execution of arbitrary code from a remote server without user verification, posing a critical threat to the integrity of the host system.
  • [DATA_EXFILTRATION]: The skill's configuration templates and examples (e.g., templates/Surfpool.toml and examples/iac/deployment.tx) explicitly reference sensitive cryptographic material, specifically Solana keypair files (e.g., './keypairs/deployer.json'). Providing an AI agent with access to private keys is a high-risk operation that can lead to credential theft or unauthorized transactions.
  • [COMMAND_EXECUTION]: The skill documentation and example scripts make extensive use of shell commands to install dependencies via 'cargo' and manage local blockchain networks using the 'surfpool' CLI tool.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted local data from files like 'Surfpool.toml' and 'deployment.tx' to configure network behavior and deploy programs. Ingestion points: Configuration files and program binaries. Boundary markers: Absent. Capability inventory: Subprocess execution, local file reads, and network RPC operations. Sanitization: No sanitization or validation of the ingested file content is mentioned.
Recommendations
  • HIGH: Downloads and executes remote code from https://run.surfpool.run/ . DO NOT USE without thorough review.
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 19, 2026, 05:06 PM