Windsurf Prompt Injection Vulnerability in Version 1.10.7

A prompt injection vulnerability has been identified in Windsurf version 1.10.7, specifically in Write mode using the SWE-1 model. This vulnerability allows the creation of a file name that, when opened, appends instructions to the user prompt. As a result, Windsurf executes the appended instructions. The issue has been verified on macOS Sequoia 15.5.

Impact

Exploitation of this vulnerability allows for prompt injection, where Windsurf follows instructions appended to the user prompt via crafted file names. This could lead to unauthorized actions being performed by the application, such as exfiltrating information to an external website without user interaction.

Reproduction

To reproduce this vulnerability, open a new folder in Windsurf 1.10.7. Create a file with a name that includes a prompt injection instruction, such as asking Windsurf to perform a connectivity test. After trusting the authors of the files, initiate a conversation with Windsurf. The application will execute the instructions from the file, demonstrating the prompt injection.