skill-evals-run
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script at ./evals/skill-loading/opencode_skill_eval_runner.sh using the Bash tool. Execution of local scripts is a known security surface if the script content is not verified.
- [DATA_EXFILTRATION]: The skill accesses application-specific sensitive paths including ~/.config/opencode/ and ~/.local/share/opencode/auth.json to retrieve provider configurations and authentication tokens. This behavior is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill processes untrusted data from an external dataset, creating a surface for indirect prompt injection.
  1. Ingestion points: The skill reads evals/skill-loading/opencode_skill_loading_eval_dataset.jsonl.
  2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the skill definition.
  3. Capability inventory: The skill has the capability to execute shell scripts and read files.
  4. Sanitization: No sanitization or validation logic is defined for the dataset content before it is processed.
Audit Metadata