curl | sh in Windsurf — agent safety guide
Windsurf agents frequently attempt curl | sh during autonomous sessions.
curl | sh
What it does
Pipes remote script content directly into a shell interpreter.
Why agents run it
Autonomous coding agents optimize for task completion. When refactoring, cleaning up, or syncing repositories, agents often reach for curl | sh because it appears to solve the immediate problem — without surfacing irreversibility to the operator.
Default blocklist tier
DestructGuard's strict rules tier includes curl | sh by default. Teams on the strict tier also block adjacent patterns. Pair with git pre-commit and pre-push hooks from the Pro Pack for defense in depth.
How to allow with audit
When a blocked command is genuinely needed, DestructGuard prompts for explicit approval and records the decision. Upload the audit log to IncidentScribe to reconstruct what happened before an outage.