opencode-config

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to "ALWAYS verify details using search tools (searxng_searxng_web_search, searxng_web_url_read)" and cites external sources (e.g., opencode.ai docs, GitHub), so the agent will fetch and interpret untrusted public web content that can materially influence configuration and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly lists "Remote config (.well-known/opencode)" as the highest-precedence configuration source and instructs using web-read/search tools at runtime, so fetching an organization's remote config (e.g. https:///.well-known/opencode) would allow external content to directly control agent prompts/configuration.