opencode
Warn
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install an external CLI tool from the npm registry (`npm i -g opencode-ai@latest`) or via a third-party Homebrew tap (anomalyco/tap/opencode).
- [REMOTE_CODE_EXECUTION]: The skill executes the `opencode` binary to perform autonomous coding tasks. This agent can generate and execute code on the host system based on model-generated instructions, representing a dynamic execution risk.
- [COMMAND_EXECUTION]: The skill relies on the `terminal()` and `process()` tools to run various shell commands for setup, authentication, and task execution.
- [DATA_EXFILTRATION]: The instructions suggest attaching project files, including potentially sensitive configuration or example environment files (e.g., `.env.example`, `config.yaml`), to the `opencode` CLI, which transmits this content to external AI service providers.
- [PROMPT_INJECTION]: The skill processes untrusted external data, creating a surface for indirect prompt injection.
  - Ingestion points: Pull request data via `opencode pr` and local files attached via the `-f` flag.
  - Boundary markers: None are specified to prevent the agent from executing instructions embedded within the code or PRs.
  - Capability inventory: The skill can execute shell commands and modify the filesystem via the `opencode` CLI.
  - Sanitization: No validation or sanitization of the external content is performed before processing.
Audit Metadata