openwork-debug

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • Data Exposure (HIGH): The skill accesses ~/.opencode/opencode.db using sqlite3. This database contains sensitive user data, specifically chat history (messages) and session metadata, exposing it to the agent's context.
  • Data Exfiltration (MEDIUM): The skill utilizes curl to perform network requests to an external, user-defined $OPENWORK_SERVER_URL with authorization headers. This provides a potential channel for exfiltrating the sensitive data retrieved from the local database.
  • Command Execution (MEDIUM): The skill instructs the agent to execute several system commands, including curl, sqlite3, and opencode. This creates a surface for command injection if variables like $OPENWORK_SERVER_URL are maliciously populated.
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from external server responses and local database records.
    • Ingestion points: Output of curl network calls and sqlite3 database queries (File: SKILL.md).
    • Boundary markers: Absent; there are no instructions to the agent to ignore or delimit embedded instructions within the retrieved data.
    • Capability inventory: File system read access via sqlite3, network access via curl, and CLI interaction via opencode.
    • Sanitization: None; the skill does not include steps to sanitize or validate the external data before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:22 PM