Does this mean opencode (and other such agent harnesses that auto update) might also be compromised?