The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: Multiple files, including SKILL.md, scripts/doctor.sh, and scripts/run-ulw.sh, instruct the user or attempt to execute the command 'curl -fsSL https://opencode.ai/install | bash'. Piping a remote script directly to a shell interpreter from an unverified source is a critical security risk as it allows for arbitrary code execution on the user's system if the source or the connection is compromised.
[REMOTE_CODE_EXECUTION]: The scripts/doctor.sh file includes a command to install Bun via 'curl -fsSL https://bun.sh/install | bash'. While Bun is a recognized service, the execution method itself remains a high-risk practice.
[COMMAND_EXECUTION]: The provided bash scripts (scripts/doctor.sh, scripts/run-ulw.sh) execute several system-level commands and platform tools including opencode, bunx, npx, lsof, grep, and md5sum. These scripts automate environment checks and task execution without explicit user review for each sub-command.
[EXTERNAL_DOWNLOADS]: The skill relies on external packages such as 'oh-my-opencode', 'opencode-ai', and 'agent-browser' being installed from public registries. It specifically recommends using 'bunx' to run the installer, which downloads and executes the package from a remote repository.
[PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection. It processes untrusted data from the user's codebase (ingestion points) and interpolates this into prompts for powerful orchestrator agents. There are no documented boundary markers or sanitization procedures (absent sanitization) to prevent malicious instructions embedded in codebase files from influencing the agent's behavior. The capabilities inventory includes file modification and shell execution. Additionally, there is a discrepancy in author metadata where the stated author is MetaMask but the resources are from a different third-party user, which constitutes deceptive metadata.

oh-my-opencode