FirstPrinciples
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a customization feature in `SKILL.md` that instructs the agent to check `~/.opencode/skills/CORE/USER/SKILLCUSTOMIZATIONS/FirstPrinciples/` and "load and apply any PREFERENCES.md, configurations, or resources found there" which "override default behavior." This represents an indirect prompt injection surface where unverified local files can manipulate agent instructions.
  - Ingestion points: Local directory paths.
  - Boundary markers: None.
  - Capability inventory: Automated shell command execution (`curl`).
  - Sanitization: None.
- [COMMAND_EXECUTION]: The skill and all three associated workflows (`Challenge.md`, `Deconstruct.md`, `Reconstruct.md`) contain instructions to execute shell commands using `curl` to interact with a local service at `http://localhost:8888/notify`. While intended for local notifications, these commands are executed in the background without user confirmation.
Audit Metadata