opencode-agent-creator

[Skill Scanner] Credential file access detected All findings: [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] Benign and purpose-aligned: the code fragment describes a legitimate, well-scoped configuration workflow for creating and managing OpenCode agents. It does not exhibit malicious data flows, credential harvesting, or unusual network behavior. The footprint is proportional to its stated purpose as an agent-creation tool with clearly documented options and storage locations. LLM verification: No direct malware or obfuscated malicious code found in this documentation artifact. The primary security risk is operational: the document demonstrates and normalizes powerful agent capabilities (unrestricted bash, write/edit, wildcard permissions) that, if applied to untrusted agents or used without strict permission controls, enable credential exposure and arbitrary command execution leading to data exfiltration. Treat this as a high-impact configuration surface: enforce least-privilege defau