Skills
skills/steffen025/pai-opencode/Science/Gen Agent Trust Hub

Science

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes instructions to load and apply configurations from ~/.opencode/skills/PAI/USER/SKILLCUSTOMIZATIONS/Science/PREFERENCES.md, explicitly stating that these "override default behavior." This creates a surface for indirect prompt injection where local files can dictate agent behavior without validation.
  • Ingestion points: ~/.opencode/skills/PAI/USER/SKILLCUSTOMIZATIONS/Science/PREFERENCES.md in SKILL.md.
  • Boundary markers: None. Instructions tell the agent to "load and apply" the content directly.
  • Capability inventory: Subprocess execution via curl and bun run as documented in SKILL.md and Workflows/DesignExperiment.md.
  • Sanitization: None. Content is applied as an override to system logic.
  • [COMMAND_EXECUTION]: The skill mandates a "Voice Notification" shell command be executed immediately upon invocation using curl to a local endpoint (http://localhost:8888/notify). It also provides instructions for executing external tools like bun run to perform evaluations, which involves shell command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 07:38 AM