op-cli
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues or malicious patterns were detected. The instructions are designed to improve the security posture of credential handling by encouraging direct piping and verification via character counts instead of printing values.
- [COMMAND_EXECUTION]: Utilizes common CLI tools including
op,wrangler,kubectl, and standard shell utilities (wc,cmp). These commands are used for their intended purposes within the context of secret management and deployment. - [DATA_EXFILTRATION]: Explicitly implements measures to prevent accidental data exposure. The skill's primary rule is to avoid printing secrets to standard output, providing alternatives that keep credentials within subshells or secure pipes.
- [DYNAMIC_EXECUTION]: Includes a simple Python snippet for JSON parsing. The script uses the standard library to extract field labels from the 1Password CLI output without executing any untrusted code.
Audit Metadata