opencode-qa
Pass
Audited by Gen Agent Trust Hub on Jun 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local CLI tools including `sqlite3`, `curl`, `jq`, and `tmux` to perform automated testing and diagnostic tasks on the opencode application.
- [COMMAND_EXECUTION]: The utility script `scripts/lib/common.sh` uses small inline Python or Bun snippets (`python3 -c` or `bun -e`) to dynamically identify available network ports for local server testing.
- [DATA_EXFILTRATION]: The skill accesses the local application database at `~/.local/share/opencode/opencode.db` to inspect session history. This access is performed read-only and is restricted to the local environment, with no evidence of data being transmitted to external or unauthorized domains.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill reads and displays message content from the local SQLite database. However, the risk is inherent to the skill's purpose as a debugger, and the scripts utilize single-quote escaping (`oqa_sql_escape`) to prevent SQL injection during local database queries.
- [SAFE]: The skill intentionally isolates its execution environment by creating temporary XDG directories for data, config, and cache, ensuring that automated QA processes remain separated from production user data.
Audit Metadata