opencode-agents

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill provides a pathway to process untrusted user instructions through agents with significant system capabilities, creating an injection surface where external data could influence agent behavior.
      • Ingestion points: User tasks are passed directly as command-line arguments to the opencode run command as described in SKILL.md.
      • Boundary markers: The instructions recommend wrapping prompts in single quotes to separate them from the shell command.
      • Capability inventory: The subagents mentioned in SKILL.md have capabilities including filesystem exploration (atlas, explore), dependency analysis, and web research (librarian).
      • Sanitization: The documentation provides a pattern for escaping internal single quotes ('\'') to maintain shell integrity.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill documentation references the installation and use of the oh-my-openagent package from the NPM registry to provide the necessary CLI and agent logic.
  • [COMMAND_EXECUTION]: The primary function of the skill is to guide an AI agent in executing shell commands using the opencode binary. It includes explicit warnings and instructions on shell safety and quoting to mitigate risks during process invocation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 05:56 AM