opencode-acp-control
Fail
Audited by Snyk on Mar 1, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The URLs point to GitHub repos/releases and a dedicated install script (opencode.dev/install). The skill's instructions pipe a remote installer to bash and auto-download binaries on restart. These patterns are common and plausible, but they carry supply-chain/executable risks because the releases and domains appear to be small/third-party rather than well-established vendors.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). This skill explicitly uses webfetch("https://github.com/anomalyco/opencode/releases/latest") to fetch a public GitHub releases page and parse its redirect/version. That page is untrusted third-party content that the agent must read, and it can change update/restart actions.
Audit Metadata