opencode-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a literal API key in the example and instructs replacing placeholders and embedding the API key into the config file (not via env vars), which requires the LLM/agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs configuring OpenCode to use a custom Anthropic API endpoint (options.baseURL / ANTHROPIC_BASE_URL, e.g. http://190.92.219.209:8180) so the agent will call an arbitrary external model provider whose responses are untrusted and can directly influence agent decisions/actions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The document contains a literal, high-entropy API key value: "sk-6EksmlymZwLvlrsvCl8fSBvrzWiseLAihx7vjRv2jxwiCeeB". It appears as the value of ANTHROPIC_API_KEY in the example environment and is embedded directly into the JSON config. The "sk-" prefix and long random-looking string meet the definition of a real, usable secret (not a placeholder or simple setup password). This should be treated as an active credential and remediated (revoke/rotate the key, remove from docs, and audit usage).