reusable-commands
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill is designed to generate files (
.opencode/commands/*.md) that support the execution of arbitrary shell commands using the!commandsyntax. This capability allows the resulting commands to perform any action the user's shell can, including file modification or network access. - Evidence: The workflow in
SKILL.mdand documentation inreferences/opencode-commands.mdexplicitly describe and encourage using!command(e.g.,!git diff --cached,!npm test). - COMMAND_EXECUTION (MEDIUM): The skill enables the creation of persistent automated scripts. While intended for benign automation (e.g., testing, reviewing), there are no safeguards preventing the creation of malicious commands.
- Evidence: Templates in
assets/opencode-command-template.mdprovide the structure for embedding executable logic. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted user input and writes it into a high-privilege execution context.
- Ingestion points: User-provided 'Prompt Body' described in
SKILL.md(Step 2). - Boundary markers: Absent. The user input is directly written to markdown files without escaping or delimiters to prevent command injection within the prompt.
- Capability inventory: The skill itself has file-write capabilities. The environment that consumes its output (OpenCode) has full shell execution capabilities via the
!commandsyntax. - Sanitization: Absent. There is no validation or filtering of the 'Prompt Body' to detect or block dangerous shell commands.
Audit Metadata