opencode-permission
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script, manage_permission.py, to modify local configuration files. This is the intended purpose of the tool and is performed without elevated system privileges.
- [PROMPT_INJECTION]: The skill provides a mechanism for an agent to modify its own security boundaries, which constitutes an indirect prompt injection surface.
  - Ingestion points: User-supplied command strings and permission actions are processed from the prompt and written to the configuration file.
  - Boundary markers: No specific delimiters are used to isolate user-provided command patterns from the agent's internal configuration logic.
  - Capability inventory: The script has the capability to write to ~/.config/opencode/opencode.jsonc, which governs the agent's permission policy for all other tool calls.
  - Sanitization: The script validates that the action parameter matches expected values (allow, ask, deny) but does not sanitize the content of the command patterns themselves.
Audit Metadata