opencode-plugin-dev
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The documentation describes how to use the host environment's shell API ($) for plugin functionality. Examples provided are benign (e.g., using
osascriptfor desktop notifications) and illustrative. - [DATA_EXFILTRATION] (SAFE): The file includes explicit code patterns for 'Environment Protection' specifically designed to prevent the reading of sensitive
.envfiles, demonstrating a security-first approach to documentation. - [EXTERNAL_DOWNLOADS] (SAFE): The skill mentions dependency management via NPM and Bun. These are descriptions of the platform's standard build processes and do not represent the skill itself downloading untrusted code.
- [NO_CODE] (SAFE): The skill consists entirely of Markdown guidance and TypeScript code snippets. It does not include or execute any scripts or binaries during its own operation.
Audit Metadata