1password
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the official 1Password CLI (op) and tmux for session management. These tools are used for authentication and secret retrieval as intended by the skill's primary purpose. Evidence: use of op signin, op read, and tmux commands in SKILL.md.
- [EXTERNAL_DOWNLOADS]: Installation instructions utilize Homebrew (brew), a well-known and trusted package management service, to install the 1password-cli package. Evidence: brew formula in SKILL.md metadata.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8). Untrusted data enters the agent context from 1Password vault items via op read, op inject, or op run as shown in references/cli-examples.md. While the skill includes guardrails instructing the agent not to leak secrets, it lacks strict boundary markers or sanitization logic for the content of the secrets themselves. Capability inventory includes file access and command execution via op and tmux.
Audit Metadata