opencode-api
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents an automation pattern (Email-Driven Follow-Up) for processing external data from emails. Ingestion points: Gmail email content as described in SKILL.md. Boundary markers: Absent; the documentation does not specify the use of delimiters or 'ignore' instructions when interpolating email content into API prompts. Capability inventory: The skill uses curl to send POST requests to /message and /prompt_async endpoints which process and execute prompts. Sanitization: Absent; the workflow describes extracting changes from emails and posting them directly to the API.
- [COMMAND_EXECUTION]: The skill provides instructions for executing local commands to start a server and interact with it. Evidence: Examples using 'opencode serve' and 'curl' targeting localhost (127.0.0.1:4096).
Audit Metadata