opencode-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill requires connecting to an arbitrary OPENCODE_SERVER_URL and running attached commands (e.g., the preflight step opencode run --attach $OPENCODE_SERVER_URL 'pwd && ls -1d */ || true' and reading background session logs/process output), which causes the agent to ingest and act on untrusted remote server file contents and outputs that could contain user-generated instructions influencing subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires an attached OpenCode server at OPENCODE_SERVER_URL (example: http://127.0.0.1:4096) and uses opencode run --attach at runtime to execute arbitrary commands on that server, so the server URL is a required runtime dependency that can execute remote code.