oh-my-opencode

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and use external web content (e.g., built-in MCP "Exa" web_search_exa, Librarian/Grep.app for OSS/public GitHub search, and the "skills.sources" config which can include arbitrary URLs like "https://example.com/skill.yaml") and shows workflows (SKILL.md and references/configuration.md) where those fetched, untrusted third‑party results are read and used to drive planning and automated actions (Prometheus/Atlas, background delegates), which enables indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisites explicitly instruct running a remote installer via curl -fsSL https://opencode.ai/install | bash which fetches and executes remote code as a required step to install OpenCode for this plugin, posing a runtime-execution risk.