opencode-agent
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using user-provided instructions and directory paths, specifically via the
opencode runcommand. - [DATA_EXFILTRATION]: The skill accesses session metadata in
~/.copilot/session-stateand transfers files from the filesystem to a workspace directory for transmission via Telegram. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and parsing data from external session logs. Ingestion points: Reads JSON data from
/tmp/session.jsonandevents.jsonlfrom the Copilot session directory. Boundary markers: External data is processed and displayed without isolation delimiters or instructions to ignore embedded commands. Capability inventory: The skill has access to shell execution via CLI tools and file system manipulation. Sanitization: No sanitization or validation is applied to the ingested session content before processing.
Audit Metadata