create-opencode-plugin
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill contains a utility script
scripts/extract-plugin-api.tsintended to be run locally by the user viabun run. This script extracts TypeScript interface definitions from a local OpenCode workspace and writes them to the skill's reference directory. It performs directory traversal to find the workspace but does not execute arbitrary shell commands or external code. - EXTERNAL_DOWNLOADS (SAFE): The skill includes documentation (
references/update-notifications.md) that provides a code pattern for checking package updates viahttps://registry.npmjs.org/. This is a standard practice for developer tools and targets a trusted, whitelisted domain. - DATA_EXFILTRATION (SAFE): While the utility script reads local source files, its operations are strictly local (reading from a workspace and writing to the skill's documentation folder). No network transmission of local data was identified.
- PROMPT_INJECTION (SAFE): The instructions follow a clear, professional workflow for plugin development without any attempts to bypass safety filters or override agent behavior.
- INDIRECT_PROMPT_INJECTION (LOW): The skill provides a mechanism to ingest local source code files for documentation extraction via the
extract-plugin-api.tsscript. This represents a minor surface area where malicious code in a processed workspace could theoretically influence the generated documentation, but the script uses safe regex-based extraction rather than execution or LLM interpolation of that data.
Audit Metadata