opencode
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the opencode-ai tool from the NPM registry and the anomalyco/tap/opencode Homebrew tap. These are standard procedures for enabling the skill's functionality.\n- [COMMAND_EXECUTION]: Utilizes the terminal tool to execute opencode commands and the process tool to interact with its text-based user interface (TUI).\n- [PROMPT_INJECTION]: The skill processes external data that could contain malicious instructions.\n
- Ingestion points: User-provided prompts passed to opencode run and process(action='submit') in SKILL.md.\n
- Boundary markers: None identified.\n
- Capability inventory: Terminal and process management tools in SKILL.md.\n
- Sanitization: No explicit sanitization or validation of input data.
Audit Metadata