opencode-memory

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes historical data, including past user messages and assistant responses, which serves as a surface for indirect prompt injection if the retrieved history contains malicious instructions.
    • Ingestion points: Reads from the local SQLite database (opencode.db), prompt history (prompt-history.jsonl), and Markdown files (plans/*.md).
    • Boundary markers: The skill relies on natural language instructions for the agent to "summarize" or "distill" information but lacks formal delimiters or data encapsulation to isolate untrusted historical content.
    • Capability inventory: Includes the ability to execute shell commands (bash) and database queries (sqlite3).
    • Sanitization: No explicit sanitization, schema validation, or content filtering is implemented for the data retrieved from history.
  • [COMMAND_EXECUTION]: The skill relies on executing sqlite3 via bash to interact with the local database and uses standard utilities like ls, cat, and tail to inspect local files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 06:20 PM