opencode-agents

SUSPICIOUS: the skill’s purpose is coherent, but it acts as a delegation wrapper to an external agent/CLI stack and even suggests installing that stack if missing. The main risks are transitive trust, local-context forwarding to remote agents, and indirect prompt-injection exposure from web-research subagents; there is no clear evidence of credential theft or overtly malicious behavior.