opencode
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill's documentation explicitly recommends installing the software using `curl -fsSL https://opencode.ai/install | bash`. This pattern is a major security risk as it executes unverified code from the internet with the privileges of the current user. The domain opencode.ai is not in the trusted sources list.
- [COMMAND_EXECUTION] (HIGH): The skill promotes the use of the `!command` prefix and a built-in `bash` tool to execute arbitrary shell commands (e.g., `!npm install`, `!git status`). This provides a direct path for command injection if the agent handles untrusted data.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to install external packages from unverified sources, including the npm package `opencode-ai` and a third-party Homebrew tap `anomalyco/tap/opencode`.
- [PROMPT_INJECTION] (LOW): The skill is highly susceptible to indirect prompt injection (Category 8).
  - Ingestion points: Processes untrusted data via fuzzy file references (`@filename`), `AGENTS.md` configuration files, and project-level `.opencode` directories.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.
  - Capability inventory: Possesses dangerous capabilities including shell command execution (`bash` tool, `!command`), file writing/editing (`edit`, `write`), and network access (`webfetch`).
  - Sanitization: There is no evidence of sanitization or validation for external content before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://opencode.ai/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata