opencode
Fail
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation warns that
opencode serveandopencode webcreate a remote code execution surface if exposed without a password. It also describes a plugin system for executing external modules. - [EXTERNAL_DOWNLOADS]: The skill references non-whitelisted code repositories at
github.com/sst/opencodeandgithub.com/anomalyco/opencodeand describes commands for downloading code, such asopencode upgradeandopencode plugin. - [COMMAND_EXECUTION]: The tool features a
--dangerously-skip-permissionsflag that bypasses user approval for dangerous tool actions. - [CREDENTIALS_UNSAFE]: The documentation references
~/.local/share/opencode/auth.json, which contains sensitive provider credentials. - [PROMPT_INJECTION]: The agent runtime ingests untrusted data from
AGENTS.mdand tool outputs with high capabilities like shell access. Ingestion points: Reads instructions from project files. Boundary markers: None specified. Capability inventory: High (shell, file editing). Sanitization: None specified.
Recommendations
- AI detected serious security threats
Audit Metadata