skills/jacob-balslev/skills/opencode/Gen Agent Trust Hub

opencode

Fail

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation warns that opencode serve and opencode web create a remote code execution surface if exposed without a password. It also describes a plugin system for executing external modules.
  • [EXTERNAL_DOWNLOADS]: The skill references non-whitelisted code repositories at github.com/sst/opencode and github.com/anomalyco/opencode and describes commands for downloading code, such as opencode upgrade and opencode plugin.
  • [COMMAND_EXECUTION]: The tool features a --dangerously-skip-permissions flag that bypasses user approval for dangerous tool actions.
  • [CREDENTIALS_UNSAFE]: The documentation references ~/.local/share/opencode/auth.json, which contains sensitive provider credentials.
  • [PROMPT_INJECTION]: The agent runtime ingests untrusted data from AGENTS.md and tool outputs with high capabilities like shell access. Ingestion points: Reads instructions from project files. Boundary markers: None specified. Capability inventory: High (shell, file editing). Sanitization: None specified.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 19, 2026, 07:51 AM
Security Audit — agent-trust-hub — opencode