bknd-repo-search-with-opencode

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [External Downloads] (MEDIUM): Instructions in SKILL.md and references/setup.md mandate the global installation of btca and opencode-ai via bun add -g. These are third-party packages from non-trusted sources.
  • [External Downloads] (MEDIUM): A command in references/advanced.md downloads a Cursor IDE rule file from https://btca.dev/rule and saves it to .cursor/rules/, representing an unverified download from a non-whitelisted domain that modifies local IDE configuration.
  • [Command Execution] (MEDIUM): The skill promotes the execution of global installation and system-level configuration commands (bun add -g, btca config, opencode auth) that modify the host environment.
  • [Indirect Prompt Injection] (LOW): The tool is designed to ingest and process external Git repositories (e.g., https://github.com/bknd-io/bknd). Ingestion points: Git URLs in configuration files; Boundary markers: Absent; Capability inventory: Read-only information retrieval (btca ask); Sanitization: None identified. Malicious content in repositories could influence agent responses.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 03:49 AM