opencode-companion
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses child_process.spawn to execute git, opencode, and node commands to manage coding sessions and background tasks. This behavior is documented and necessary for the skill's primary function as a coding runtime companion.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in its code review functionality where git output is incorporated into prompts.
- Ingestion points: External data from git status and git diff is collected in scripts/opencode-companion/review.mjs and passed to the OpenCode runtime.
- Boundary markers: No explicit delimiters are used to wrap the git output in the constructed prompts.
- Capability inventory: The skill can execute subprocesses (git, opencode, node), write logs and state files to the project directory, and perform local network requests.
- Sanitization: Git output is included in prompts without escaping or sanitization.
- [DATA_EXFILTRATION]: Network operations are confined to the local loopback interface for communication between the companion script and the OpenCode runtime service, preventing unauthorized data exfiltration.
Audit Metadata