skills/ajoslin/dot/opencode-memory/Gen Agent Trust Hub

opencode-memory

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides templates for the agent to execute shell commands (sqlite3, cat, tail, ls) to retrieve stored data from the local file system.
      • Evidence: SKILL.md contains pre-defined command blocks that access ${XDG_DATA_HOME:-$HOME/.local/share}/opencode/opencode.db and other local paths.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes historical message content that could contain instructions from previous untrusted sessions.
      • Ingestion points: Reads from the message and part tables in opencode.db, as well as prompt-history.jsonl and plans/*.md files (as detailed in SKILL.md and references/storage-format.md).
      • Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded commands when summarizing history.
      • Capability inventory: The agent has the ability to execute bash commands and SQL queries based on the provided instructions.
      • Sanitization: None; historical text is queried and presented to the agent for distillation without filtering or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 01:19 AM