AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface. At OpenCode plugin runtime, it reads user-selected/project rule files and injects matching content into system prompts; it stores only rule-match state in its own OpenCode state directory.
Decision evidence
public snapshot- `src/index.ts` registers OpenCode plugin hooks that inject discovered rule text into chat system prompts.
- `src/active-rules-state.ts` writes per-session matched rule paths under `~/.opencode/state/opencode-rules-md`.
- `src/git-branch.ts` uses `execFile` to obtain the current project Git branch.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- No fetch, HTTP client, socket, or network request API appears in shipped `src` or `tui` source.
- Rule discovery in `src/rule-discovery.ts` reads configured/project Markdown rule directories; it does not modify them.
- State writes validate session IDs and are limited to the package-owned OpenCode state directory.
- `src/runtime-context.ts` reads environment variables only to identify CI/config locations.
- No eval, Function, dynamic loading, shell command string execution, credential harvesting, or destructive file operation was found.
Source & flagged code
3 flagged · loading source`src/index.ts` registers OpenCode plugin hooks that inject discovered rule text into chat system prompts.
src/index.tsView on unpkg`src/active-rules-state.ts` writes per-session matched rule paths under `~/.opencode/state/opencode-rules-md`.
src/active-rules-state.tsView on unpkg`src/git-branch.ts` uses `execFile` to obtain the current project Git branch.
src/git-branch.tsView on unpkg