opencode-plugin-config
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to fetch information from an external URL (https://opencode.ai/docs/plugins), which presents an indirect prompt injection surface. Instructions found on that page could maliciously influence the agent's behavior during the plugin creation process.
  - Ingestion points: Step 1 in SKILL.md fetches documentation from a remote URL.
  - Boundary markers: There are no instructions to use delimiters or ignore embedded instructions when processing the fetched content.
  - Capability inventory: The skill guides the agent to create and modify files in system or project directories (e.g., ~/.opencode/plugins) and execute them using the Bun runtime.
  - Sanitization: The instructions do not include any steps for sanitizing or validating the information retrieved from the external source.
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to access an external documentation site (https://opencode.ai/docs/plugins), which constitutes a network operation to a non-whitelisted domain.
- [COMMAND_EXECUTION]: The skill instructs the agent to build and test plugins using the Bun runtime, which involves executing shell commands and running locally created scripts.