opencode-config

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill directs the agent to autonomously execute 'opencode run test' for validation. This pattern bypasses user oversight for command execution.
  • REMOTE_CODE_EXECUTION (MEDIUM): The schema reference documentation encourages using npx to run MCP servers and formatters, which downloads and runs arbitrary code from the npm registry.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill refers to several third-party plugins and packages, such as opencode-openai-codex-auth and @ramtinj95/opencode-tokenscope, which are not from verified sources.
  • PRIVILEGE_ESCALATION (MEDIUM): The skill is primarily intended to modify security permissions. It provides examples that would allow all bash commands or suppress security prompts, which could be used to weaken the agent's sandbox.
  • DATA_EXFILTRATION (LOW): Features like 'auto' session sharing and remote MCP server configurations create potential pathways for sensitive data or environment variables to be sent to external endpoints.
  • PROMPT_INJECTION (LOW): The skill reads instructions from project files like AGENTS.md, creating a surface for Indirect Prompt Injection where malicious project files could hijack the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:46 PM