opencode-agent
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands on a remote server using the
opencodebinary. This includes both the predefined setup commands and any arbitrary command passed within a task string. - [REMOTE_CODE_EXECUTION]: The primary purpose of the skill is to delegate coding tasks to a remote server, which inherently involves the execution of generated code on that system.
- [EXTERNAL_DOWNLOADS]: The skill depends on the presence of an external binary named
opencodeon the local system, which is not provided within the skill itself. - [CREDENTIALS_UNSAFE]: The skill requires printing the environment variables
OPENCODE_SERVER_URLandOPENCODE_SERVER_DIRto the console, which may expose sensitive network or infrastructure details. - [PROMPT_INJECTION]: The skill accepts task descriptions from the user or other data sources and interpolates them directly into shell commands without sanitization or boundary markers, creating a surface for indirect prompt injection.
Audit Metadata