opencode-runner

Fail

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: HIGH

REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes instructions to install the required tool via curl -fsSL https://opencode.ai/install | bash, a high-risk pattern that executes remote code without verification.
  • [DATA_EXFILTRATION]: The skill sends local project code and user-defined prompts to opencode.ai for model processing. This constitutes a data exfiltration surface for sensitive project context to a non-whitelisted service.
  • [COMMAND_EXECUTION]: The skill manages the lifecycle of the external opencode tool using commands like opencode run, opencode upgrade, and pkill, providing the agent with broad execution capabilities.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of dependencies from external registries like NPM and Homebrew.
  • [PROMPT_INJECTION]: The skill interpolates untrusted user prompts into shell command arguments. Ingestion point: user task descriptions (SKILL.md); Boundary markers: shell quotes; Capability inventory: file modification and task delegation via opencode (SKILL.md); Sanitization: not specified.
Recommendations
  • HIGH: Downloads and executes remote code from: https://opencode.ai/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 20, 2026, 10:48 AM