opencode-bridge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill documentation describes the use of the
opencodeCLI to execute prompts and retrieve JSON responses. This is a functional requirement of the bridge and does not involve unauthorized command execution.\n- [PROMPT_INJECTION] (LOW): The skill is subject to indirect prompt injection (Category 8) because it reads and processes message data from an external database that may contain content from untrusted sources.\n - Ingestion points: Message history is read from
~/.opencode/opencode.db(messages table).\n - Boundary markers: None present; the bridge processes raw database records.\n
- Capability inventory: The skill can execute CLI commands via
opencode -pand interact with an MCP server (openwork-mcp-bridge).\n - Sanitization: There is no documented sanitization or validation of the message content before it is used in subsequent operations.
Audit Metadata