1password

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses 1Password resource URIs at runtime (e.g., op://app-prod/db/password and other op://... references) via op read / op inject / op run to fetch secrets that can be injected into prompts, environment variables, or files and thereby directly influence instructions or command execution.