scaffold-opencode-hooks

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill automates the creation of OpenCode plugins by auditing the project environment and generating files from local templates.
  • [COMMAND_EXECUTION]: The skill utilizes standard developer tools such as git, rg (ripgrep), and jq via bash scripts (audit_project.sh) to gather information about the project structure. This behavior is necessary for its primary function.
  • [COMMAND_EXECUTION]: The test_skill.py utility uses subprocess.run to perform integration testing on the skill's components within a temporary directory. This is standard practice for software verification.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves configuration and guidelines from the official opencode.ai documentation. This is a trusted domain for the target platform's specifications.
  • [SAFE]: The generated plugin code includes security guardrails, such as logic specifically designed to block unauthorized access to sensitive .env files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 03:21 AM