mirror of
https://github.com/anomalyco/opencode.git
synced 2026-07-10 01:08:32 +00:00
docs: clarify that malicious config files are not an attack vector
This commit is contained in:
parent
a3a06ffc4f
commit
b05d88a730
1 changed files with 1 additions and 0 deletions
|
|
@ -24,6 +24,7 @@ Server mode is opt-in only. When enabled, set `OPENCODE_SERVER_PASSWORD` to requ
|
|||
| **Sandbox escapes** | The permission system is not a sandbox (see above) |
|
||||
| **LLM provider data handling** | Data sent to your configured LLM provider is governed by their policies |
|
||||
| **MCP server behavior** | External MCP servers you configure are outside our trust boundary |
|
||||
| **Malicious config files** | Users control their own config; modifying it is not an attack vector |
|
||||
|
||||
---
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue