opencode-browser
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
open-computer-usepackage globally usingnpm install -g. - [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
cli-anything-hubpackage viapip install. - [REMOTE_CODE_EXECUTION]: The Playwright configuration uses
npx -y @playwright/mcp, which fetches and executes code from Microsoft's Playwright repository on the npm registry. - [COMMAND_EXECUTION]: The skill requires the user to execute shell commands for software installation and to manually modify the local
opencode.jsonconfiguration file. - [PROMPT_INJECTION]: The skill creates an Indirect Prompt Injection surface by installing tools that ingest and act upon untrusted external data.
- Ingestion points: The Playwright and open-computer-use tools retrieve content from arbitrary URLs and desktop environments.
- Boundary markers: No boundary markers or delimiters are specified to help the agent distinguish between retrieved content and system instructions.
- Capability inventory: The tools provide the ability to automate browser actions, take screenshots, and interact with the user's desktop.
- Sanitization: There is no evidence of sanitization or filtering of the external data before it is processed by the agent.
Audit Metadata