bridge-opencode

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands, including opencode CLI calls for model execution and curl for interacting with a local API server. It also uses a one-line Python script to parse JSON responses.
  • [DATA_EXFILTRATION]: The skill includes instructions to perform network operations against http://localhost:4096. These requests are used for connectivity heartbeats and API interaction with a local service. Localhost is a whitelisted domain, and no external data exfiltration was detected.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by instructing the agent to interpolate {constructed_prompt} (which may contain untrusted data from external sources) into shell command arguments or API request bodies.
  • Ingestion points: The {constructed_prompt} variable is interpolated into opencode run commands and HTTP POST payloads in SKILL.md.
  • Boundary markers: No explicit boundary markers or 'ignore' instructions for the interpolated content are defined in these reference files.
  • Capability inventory: The skill utilizes subprocess execution and local network access.
  • Sanitization: There is no evidence of input validation or sanitization for the interpolated data within the skill's instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: http://localhost:4096 - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 9, 2026, 05:42 PM
Security Audit — agent-trust-hub — bridge-opencode