setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to paste Jira PAT/API token and then directs the agent to write those values verbatim into the opencode JSON (via the Write tool), which requires the LLM to handle and output secret values directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The bundled setup script (reference/setup.sh) fetches and runs content from public third-party URLs—e.g., curling the GitLab releases API (https://gitlab.com/api/v4/...), downloading packages from cli.github.com, and piping the uv installer from https://astral.sh/uv/install.sh—which are untrusted external sources fetched and executed as part of the required setup workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The bundled setup script is executed at runtime and explicitly runs curl -LsSf https://astral.sh/uv/install.sh | sh (and also downloads a glab .deb from gitlab.com to install), which fetches and executes remote code that the skill depends on for the uvx/glab installation.