From b05d88a73012e2f2eeeae1ac92e0be4a9f0864fc Mon Sep 17 00:00:00 2001
From: Dax Raad <d@ironbay.co>
Date: Tue, 20 Jan 2026 12:17:58 -0500
Subject: [PATCH] docs: clarify that malicious config files are not an attack
 vector

---
 SECURITY.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/SECURITY.md b/SECURITY.md
index 3a653d01c6..93c7341cef 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -24,6 +24,7 @@ Server mode is opt-in only. When enabled, set `OPENCODE_SERVER_PASSWORD` to requ
 | **Sandbox escapes**             | The permission system is not a sandbox (see above)                      |
 | **LLM provider data handling**  | Data sent to your configured LLM provider is governed by their policies |
 | **MCP server behavior**         | External MCP servers you configure are outside our trust boundary       |
+| **Malicious config files**      | Users control their own config; modifying it is not an attack vector    |
 
 ---