Opencode Acp Control

The SKILL.md expects the agent to run the 'opencode' CLI (e.g., `opencode acp`, `opencode session list`) and to use process/bash helpers (process.write, process.poll, process.kill). However the skill metadata declares no required binaries or credentials. The omission of the 'opencode' CLI (and the implicit requirement for the agent's process/bash capabilities) is an inconsistency: a user installing this should expect the skill to require the opencode binary and the ability to spawn background processes.

Runtime instructions tell the agent to start an OpenCode process in a specified workdir, send JSON-RPC messages, poll for responses, and restart/kill processes. This stays within the stated purpose (managing OpenCode sessions) but it does involve running shell commands and operating in user-specified project directories, which means the skill — via OpenCode — can interact with project files (the initialize message declares fs read/write capabilities). The instructions do not explicitly ask the agent to read unrelated system files or environment variables.

This is an instruction-only skill with no install spec or downloaded code, which is lower risk. Nothing will be written to disk by the skill package itself. The primary risk comes from the runtime commands the instructions ask the agent to run.

The manifest does not request environment variables or credentials, and the instructions do not reference secrets or unrelated credentials. That is proportionate. Note: the skill implicitly needs access to the user's filesystem via the OpenCode instance (cwd/workdir), but that is consistent with a code-workflow tool.

The skill does not set always:true and is user-invocable. disable-model-invocation is false (default autonomous invocation allowed), which is normal for skills; no excessive persistence or cross-skill configuration changes are requested.