easy-opencode
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill instructs the agent to execute an external binary `opencode` via shell commands (`cd [repo dir] && opencode run "[instructions/questions]" ...`) as seen in `SKILL.md`. The `[instructions/questions]` argument is likely derived from user input or agent-generated content. Without explicit sanitization or escaping of this argument before it's embedded into the shell command, this creates a significant shell injection vulnerability, potentially leading to arbitrary code execution (RCE) on the host system. The `opencode` binary itself is an unknown dependency, and its capabilities are not specified, adding to the overall risk.
