The Agent Skills Directory

[PROMPT_INJECTION]: Vulnerable to indirect prompt injection where malicious instructions embedded in the codebase or documentation could influence agent behavior.
Ingestion points: Multiple agents (Sisyphus, Explore, Librarian) ingest content from local codebase files and external documentation during task execution.
Boundary markers: The instructions do not define explicit boundary markers or delimiters to separate untrusted codebase data from the agent's core instructions.
Capability inventory: The skill provides sub-agents with significant capabilities, including full bash execution (opencode run), file editing, and access to web-searching tools.
Sanitization: There is no visible sanitization of ingested content before it is processed by the AI models, allowing for potential manipulation of agent logic.
[EXTERNAL_DOWNLOADS]: Fetches installation scripts and configuration resources from remote domains.
Retrieves the OpenCode installation script from https://opencode.ai/install.
Retrieves the Bun runtime installation script from https://bun.sh/install.
Downloads plugin configuration schemas from the official project repository on GitHub.
[REMOTE_CODE_EXECUTION]: Utilizes piped-to-shell installation patterns for required dependencies.
Documentation and the provided diagnostic script (scripts/doctor.sh) use the curl ... | bash pattern to install platform-level tools.
[COMMAND_EXECUTION]: Executes shell commands to manage environment state and agent execution.
Uses bunx to run plugin-specific CLI commands.
Provides helper scripts (doctor.sh, run-ulw.sh) that execute environment checks and start background tasks.
Integrates with tmux to manage and visualize multiple agent execution processes in parallel terminal panes.

oh-my-opencode