opencode-config
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the `opencode run "test"` bash command to validate configuration changes, granting the agent the ability to execute arbitrary local commands.
- [DATA_EXFILTRATION]: The configuration schema supports variable substitution from local files (e.g., `{file:~/.secrets/anthropic-key}`), providing a mechanism for the agent to read sensitive data into its execution context.
- [COMMAND_EXECUTION]: The configuration facilitates the setup of MCP (Model Context Protocol) servers, which can be configured to execute local commands (e.g., `npx -y @org/package`) or connect to remote URLs.
- [EXTERNAL_DOWNLOADS]: The schema allows defining remote MCP servers via URLs (e.g., `https://api.example.com/mcp`), which triggers the agent to fetch data or instructions from external network sources.
- [PROMPT_INJECTION]: The skill contains a 'STRICTLY PROHIBITED MODELS' section that uses authoritative language to override standard model selection, potentially leading to unexpected agent behavior or failures.
- [PROMPT_INJECTION]: The skill manages `AGENTS.md` and the `instructions` configuration field, which serve as surfaces for indirect prompt injection. Ingestion points: `opencode.json`, `AGENTS.md`. Boundary markers: Absent. Capability inventory: Bash tool, file editing, MCP server configuration. Sanitization: Absent.
Audit Metadata