opencode-config
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a shell script
scripts/validate-config.shused for configuration validation. The script performs file existence checks and JSON validation using standard system tools likejqandgrepwithout executing untrusted external code.\n- [SAFE]: The skill accesses configuration files located in the user's home directory under~/.config/opencode/. This is standard behavior for managing application-specific settings and does not involve accessing general system secrets or credentials.\n- [SAFE]: The skill processes user-defined configuration files in JSON and Markdown formats. 1. Ingestion points: Configuration files in the project and global config directories (SKILL.md, references/README.md). 2. Boundary markers: Not present. 3. Capability inventory: File system read/write (SKILL.md) and web search tools (references/README.md). 4. Sanitization: Syntax validation via jq is utilized in scripts/validate-config.sh to ensure file integrity.
Audit Metadata