codex-opencode-client

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the opencode CLI tool via shell commands (e.g., opencode -p "<contract>") to execute tasks. This provides the agent with a mechanism to run external processes based on dynamically generated content.
  • [DATA_EXPOSURE]: Accesses potentially sensitive files including session history databases (opencode.db) and configuration files in the user home directory (~/.config/opencode/). While intended for auditing, this exposes metadata about previous agent actions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from the workspace and external sub-agent outputs.
      • Ingestion points: Reads files in the target workspace and JSON output from the OpenCode runtime.
      • Boundary markers: Uses a structured 'Contract' template to wrap instructions, though this does not fully prevent adversarial content in processed data.
      • Capability inventory: Executes CLI commands with opencode and performs file read operations.
      • Sanitization: Instructs the agent to normalize free-form output into structured JSON, which provides a basic validation step.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 06:02 AM