unexpected system prompt parts despite disabling default agent(s) #5005

@taqtiqa-mark

Description

Environment

  • OpenCode version: v1.0.128
  • Operating System: Linux (Debian Testing)
  • Installation: Containerized setup via curl script
  • Mode: TUI (no serve-attach)
  • Configuration: Relevant agent settings as follows (with Plan, Build, and General agents disabled):

        "agent": {
          // Example agent:
          "driven": {
            "disable": false
          },
          "research": {
            "disable": false
          },
          "knowledge-synthesizer": {
            "disable": false
          },
          "plan": {
            "disable": true
          },
          "build": {
            "disable": true
          },
          "general": {
            "disable": true
          }
        },
  • Note: The "driven" agent is a custom implementation that does not identify itself as "opencode."

Steps to Reproduce

  1. Configure OpenCode with the above agent settings, ensuring Plan, Build, and General agents are disabled.
  2. Start OpenCode in TUI mode.
  3. Initiate interaction with the LLM by entering a simple prompt, such as "Hello? Grok?" (or any initial query without specifying a custom prompt).

Expected Behavior

With the Plan, Build, and General agents disabled, the LLM should respond without any injected system prompts or self-identification as "opencode." Instead, it should provide the default response from the underlying LLM provider, free from any developer-imposed modifications or injections.

Actual Behavior

Upon initial interaction (e.g., "Hello? Grok?"), the LLM responds with:

Hello! I'm opencode, and AI coding assistant. How can I help with your software project? Type `/help` for usage info.

This indicates an unintended background prompt injection that overrides the configuration, forcing the LLM to identify as "opencode" despite the disabled agents intended to prevent such defaults.

Impact

This behavior undermines user control over the LLM's prompting, introducing unexpected modifications that could alter responses in unintended ways. It represents a potential security flaw, as users cannot reliably prevent developer-injected prompts from influencing their workflow, which may lead to privacy concerns, inconsistent outputs, or exposure to unconfigurable biases. In environments requiring strict prompt hygiene (e.g., custom agent integrations), this erodes trust in the tool's configurability.

Suggested Resolution

Ensure that disabling the Plan, Build, and General agents fully eliminates default prompt injections, allowing the LLM to revert to its provider's raw behavior. Consider adding explicit configuration options for system prompt overrides or a "raw mode" to give users granular control. This would enhance security and align with principles of user autonomy in AI tools.

OpenCode version

v1.0.128

Steps to reproduce

See above.

Screenshot and/or share link

NA

Operating System

Linux (Debian Testing)

Terminal

Alacritty+Zellij
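As an added example (not part of this report or of the OpenCode project), a small regression check in Python that ties the steps above together: it reads the agent settings, confirms the three built-in agents are disabled, and scans a captured first response for the self-identification quoted in "Actual Behavior". The config string is the report's settings with comments stripped; the marker patterns other than the quoted sentence are assumptions.

```python
import json
import re

# Constructed config mirroring the report's settings (JSON comments removed,
# because json.loads does not accept them).
CONFIG_JSON = """{
  "agent": {
    "driven": {"disable": false},
    "research": {"disable": false},
    "knowledge-synthesizer": {"disable": false},
    "plan": {"disable": true},
    "build": {"disable": true},
    "general": {"disable": true}
  }
}"""

DEFAULT_AGENTS = ("plan", "build", "general")

# Phrases that indicate the tool's own identity/system prompt reached the model.
# The patterns are derived from the response quoted in the report; they are
# assumed markers, not an exhaustive list.
INJECTION_MARKERS = (
    r"\bI'?m opencode\b",
    r"\bopencode\b.*\bcoding assistant\b",
    r"Type `/help` for usage info",
)


def defaults_disabled(config_text: str) -> dict:
    """Return {agent: disabled?} for the built-in agents; a missing entry counts as enabled."""
    agents = json.loads(config_text).get("agent", {})
    return {name: bool(agents.get(name, {}).get("disable", False)) for name in DEFAULT_AGENTS}


def leaked_identity(response: str) -> list:
    """Return the markers found in a model response; empty means no default-prompt leak seen."""
    return [m for m in INJECTION_MARKERS if re.search(m, response, re.IGNORECASE)]


def check_raw_mode(config_text: str, response: str) -> dict:
    """Combine the config expectation with the observed response."""
    disabled = defaults_disabled(config_text)
    hits = leaked_identity(response)
    return {
        "all_defaults_disabled": all(disabled.values()),
        "leak_markers": hits,
        "bug_reproduced": all(disabled.values()) and bool(hits),
    }
```

Run it against the first response captured from a fresh TUI session; `bug_reproduced` is True exactly when every default agent is disabled and the response still carries an "opencode" identity marker.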

Labels: bug (Something isn't working)