opencode-agents

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). Although it doesn’t explicitly instruct creating users, editing systemctl/ssh configs, or requesting sudo, the skill defaults agents to “ALL tools and permissions” and includes examples that grant unrestricted bash/file-edit capabilities (e.g., a “Builder” with no permission block = full access), which encourages agents to execute shell commands and modify files on the host—posing a significant risk of changing machine state.