heavenly's blog

software engineering, reverse engineering, and bug bounties


funsies with opencode (and a little github copilot exploitery)

published on february 16, 2026 • edited on february 16, 2026

messing with oh-my-opencode + kimi orchestration, plus a github copilot subagent exploit

tools used

opencode, kimi, github copilot, oh-my-opencode

what happened?

i’ve been leaning harder into “agentic” coding lately: one model plans, other models do, and opencode routes tasks + tools.
the moment i saw the github copilot/vscode subagent issue (linked here: https://github.com/microsoft/vscode/issues/292452), it clicked that a lot of people (including me) treat “subagent” as a security boundary when it’s mostly a product concept.

the action

my setup

i like using kimi as the orchestrator: i give it the goal and constraints, and it produces a task breakdown (research, implement, test, refactor, docs). then i let opencode execute that plan with tools (edits, commands, etc.) while i stay focused on the main thread. i love opencode's plan mode, specifically the question tool, which is a lot like claude code's question tool. basically, it gives you a popup modal where it asks you questions and gives you either a multiple-choice response, a multi-select response, or a custom input box. this allows you to steer the plan so your agents can execute it.

github copilot subagent exploit (summary)

the issue (#292452) describes a billing/metering mismatch where “premium request” cost is determined by the initial chat model, while subagent execution and tool-driven subagent calls don’t get metered the same way. in practice, the report claims you can start a chat on a “free” included model (so the initial request is billed as free/cheap), then have that session spin up a subagent that uses an agent profile pinned to a premium model. because the accounting is tied to the initial model and subagent/tool-call paths aren’t counted correctly, the premium model work can run while consuming zero (or far fewer than expected) premium requests, enabling effectively unlimited premium usage until the bug is fixed.
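the metering mismatch described above, seen from the billing side, as an added example that is not code from the issue, copilot, or opencode: it prices the same invocation log once by the session's initial model and once by the model that actually ran each call, then flags sessions where the two disagree. the log records, field names, model names, and multipliers are all constructed, and "one charge per model call" is an assumption.

```python
from collections import defaultdict
from decimal import Decimal

# Hypothetical premium-request multipliers per model (constructed, not real pricing).
MULTIPLIER = {"included-model": Decimal("0"), "premium-model": Decimal("1")}

# Constructed invocation log: every model call in a session, subagent calls included.
# "parent" is None for the user's initial chat request.
INVOCATIONS = [
    {"session": "s1", "id": "a", "parent": None, "model": "included-model"},
    {"session": "s1", "id": "b", "parent": "a", "model": "premium-model"},
    {"session": "s1", "id": "c", "parent": "a", "model": "premium-model"},
    {"session": "s2", "id": "d", "parent": None, "model": "premium-model"},
    {"session": "s3", "id": "e", "parent": None, "model": "included-model"},
    {"session": "s3", "id": "f", "parent": "e", "model": "included-model"},
]

def cost(model):
    # Fail closed: an unknown model is billed at the highest known rate.
    return MULTIPLIER.get(model, max(MULTIPLIER.values()))

def bill_by_initial_model(invocations):
    """Flawed scheme: one charge per session, priced by the root call's model."""
    totals = defaultdict(Decimal)
    for inv in invocations:
        if inv["parent"] is None:
            totals[inv["session"]] += cost(inv["model"])
    return dict(totals)

def bill_by_executed_model(invocations):
    """Corrected scheme: every call, root or subagent, is priced by the model that ran it."""
    totals = defaultdict(Decimal)
    for inv in invocations:
        totals[inv["session"]] += cost(inv["model"])
    return dict(totals)

def unmetered_sessions(invocations):
    """Sessions where executed usage exceeds what the initial-model scheme charged."""
    billed = bill_by_initial_model(invocations)
    actual = bill_by_executed_model(invocations)
    zero = Decimal("0")
    return {s: actual[s] - billed.get(s, zero)
            for s in actual if actual[s] > billed.get(s, zero)}

if __name__ == "__main__":
    print(unmetered_sessions(INVOCATIONS))
```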

where oh-my-opencode fits (and why i’m conflicted)

i don’t particularly like oh-my-opencode because it’s a token burner. it’s convenient, but it can chew through tokens fast once you start spawning multiple subagents and having them talk / review / re-plan in loops. the only reason for me currently using omo is because of the github copilot exploit, where i can spin up as many subagents (opus 4.6) at no cost. generally, i don't like it for its expense reasons.

results

what i learned

opencode is fun and agentic coding is fun. also agents are good at writing code, but terrible at architecture and system design.