setup-opencode-remote

Fail

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads shell scripts and PowerShell scripts from "https://opencode.ai/install" and "https://opencode.ai/install.ps1" and pipes them directly into the shell interpreter (bash or iex). This allows for arbitrary code execution from a remote server on both the local machine and the created cloud instance.
  • [COMMAND_EXECUTION]: The skill executes multiple sensitive system commands, including "gcloud compute instances create" to provision virtual machines, "gcloud compute ssh" to manage remote access, and various "tmux" operations to manage persistent sessions.
  • [EXTERNAL_DOWNLOADS]: Fetches installation scripts and binary tools from several external sources. While "sdk.cloud.google.com" and "raw.githubusercontent.com" (for Homebrew) are well-known, "opencode.ai" is an unverified source with direct shell execution patterns.
  • [CREDENTIALS_UNSAFE]: Includes a hardcoded Google Cloud Project ID ("path26-489205") used as the default target for cloud infrastructure provisioning and authentication commands.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
      * Ingestion points: Reads from environment variables like GCP_PROJECT_ID and GCP_GCE_ZONE in SKILL.md (Step 4).
      * Boundary markers: No boundary markers or instructions to ignore embedded commands are present.
      * Capability inventory: Uses subprocess calls for gcloud instance creation and remote SSH command execution.
      * Sanitization: No evidence of sanitization or validation of the input environment variables before they are interpolated into sensitive shell commands.
Recommendations
  • HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com, https://opencode.ai/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 19, 2026, 11:26 PM