opencode-agent-creator

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH · COMMAND_EXECUTION · NO_CODE
Full Analysis
  • [Command Execution] (HIGH): The examples/debug.md file defines a configuration that permits an agent to execute any system command without requesting permission (permission: bash: "*": allow). This unrestricted access is a high-risk security configuration for an autonomous agent.
  • [Indirect Prompt Injection] (LOW): The skill creates an attack surface for indirect prompt injection by defining agents that process untrusted external data using powerful tools without sufficient safeguards.
    • Ingestion points: The agents configured in the examples/ directory (e.g., debug, code-reviewer) are designed to read and analyze potentially attacker-controlled content such as source code, logs, and git history.
    • Boundary markers: The system prompts provided in the templates lack delimiters or specialized instructions to prevent the agent from following commands embedded within the analyzed data.
    • Capability inventory: The templates provide agents with access to the bash shell and file-system modification tools (write, edit).
    • Sanitization: No input validation or sanitization mechanisms are recommended or implemented in the provided agent configurations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 20, 2026, 08:54 AM