opencode-controller
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOWNO_CODECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of markdown-based instructions, metadata, and reference files. It does not include any Python scripts, Node.js packages, shell scripts, or binaries.
- [Indirect Prompt Injection] (LOW): The skill facilitates the processing of output (plans and questions) from an external tool. Ingestion points: User tasks and Opencode generated plans. Boundary markers: Absent. Capability inventory: Slash commands used to trigger Build mode implementation within Opencode. Sanitization: Absent. The risk is mitigated by explicit instructions requiring the agent to 'Review the plan carefully' and confirm with the user before implementation.
- [Command Execution] (INFO): The slash commands mentioned (/sessions, /agents, /models) are instructions for interacting with the Opencode application interface and do not constitute arbitrary system-level shell command execution.
Audit Metadata