OpenCode SDK Development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill provides examples such as searchFiles and gitStatus that use Bun's shell ($) to execute system commands like find and git. While Bun provides automatic escaping for variables, shell execution is a high-privilege capability. This is considered LOW severity as it is the primary purpose of an SDK development skill.
  • EXTERNAL_DOWNLOADS (LOW): The fetchUrl tool example demonstrates the use of the fetch API to make network requests to arbitrary URLs. This can be used to download external content into the agent's context.
  • DATA_EXFILTRATION (LOW): Examples like contextInfo and projectInfo provide access to session metadata and local project structures. If combined with the network capabilities of fetchUrl, this could potentially be used for data exfiltration.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8c) through the fetchUrl tool.
      • Ingestion points: External data is ingested via the fetch call in examples/basic-tool.ts.
      • Boundary markers: The example lacks explicit boundary markers or instructions to ignore embedded prompts in the fetched content.
      • Capability inventory: The skill has access to shell execution (bun shell) and file system listing.
      • Sanitization: No sanitization of the fetched URL body is performed before returning it to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:16 PM