opencode
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The utility function
execute_cmdinopencode_utils.pyusessubprocess.runwithshell=True. Inlist_sessions.py, this is used to execute commands constructed from project paths retrieved via a local HTTP API, which represents a potential command injection vector if the local service provides malicious path data.\n- [COMMAND_EXECUTION]: Thestart_opencodefunction inopencode_utils.pylaunches background processes usingos.setsidon Unix-like systems andDETACHED_PROCESSon Windows. This allows theopencode serveprocess to persist independently of the agent's lifecycle.\n- [DATA_EXFILTRATION]: The skill reads local project metadata and session message history from a service on127.0.0.1:4096. While restricted to the local interface, this automated ingestion of external data into the agent's context creates a surface for indirect prompt injection.
Audit Metadata