opencode

Warn

Audited by Socket on Mar 3, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The fragment is a comprehensive configuration/documentation for the OpenCode agent framework. It is coherent with its stated purpose and reflects legitimate architecture for extensible agents, skills, tools, and provider integration. However, notable security considerations exist: automatic updates, external provider endpoints, MCP remote tooling, and environment-based credential interpolation create external data flows and potential credential exposure. The presence of local plugin paths and remote dependencies increases attack surface and requires rigorous controls (version pinning, signed updates, least-privilege permissions, secret management, and integrity verification). Overall, the risk is moderate with actionable hardening steps recommended before deployment.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Mar 3, 2026, 08:37 AM
Package URL: pkg:socket/skills-sh/kortix-ai%2Fkortix-registry%2Fopencode%2F@2250a47bce44a9f73e9d32b9a125558e6224b2a9