surf
Fail
Audited by Snyk on Feb 13, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains many examples that require embedding secrets verbatim into CLI commands and workflow args (e.g., --password "secret", cookie.set --value "abc123", surf do ... --password "secret"), which forces the LLM to handle and output secret values directly, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill navigates arbitrary public URLs (e.g., surf navigate/surf tab.new and surf do workflows) and reads page/iframe content via commands like surf page.read and surf page.text. It also explicitly ingests social media/YouTube content via Grok/Perplexity/Gemini commands (e.g., grok "what are the latest AI trends on X", --with-page, --youtube). The agent therefore consumes and interprets untrusted, user-generated third-party content.