opencode-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill enables the agent to read local files and subscribe to external, real-time event streams. Malicious instructions embedded in these data sources could hijack the agent's logic to execute unauthorized operations via the SDK's high-privilege functions.
- Capability Inventory (HIGH): The skill provides tools for session manipulation, TUI control, and file modification. Combined with data ingestion, this creates a 'Read-to-Write' loop where untrusted data can influence system-altering commands.
- Unverifiable Dependencies (MEDIUM): The skill relies on @opencode-ai/sdk, a package from a non-standard/untrusted source, which is installed via npm during setup.
- Credential Exposure (MEDIUM): The toolkit includes authentication setup methods (client.auth.set). If the agent is successfully injected, it could be coerced into leaking API keys or credentials stored within these configurations.
Recommendations
- AI detected serious security threats
Audit Metadata