1password
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes CLI tools in tools/ and tools-python/ that interact with the 1Password service by executing the official op CLI. This is performed using secure methods like Bun.spawn and asyncio.create_subprocess_exec, which mitigate shell injection risks by passing arguments as arrays rather than shell strings.
- [EXTERNAL_DOWNLOADS]: The skill relies on the official onepassword-sdk Python package and recommends using the official 1Password CLI. These are trusted resources and represent standard integration patterns for the service.
- [SAFE]: The skill implements logic to parse local .env files, which constitutes a potential ingestion surface for indirect prompt injection. However, the implementation is safe as it avoids dynamic code evaluation and uses secure command execution patterns.
  - Ingestion points: Local .env files are parsed by the parseEnvFile function in tools/src/utils.ts and tools-python/src/op_env/utils.py.
  - Boundary markers: Absent.
  - Capability inventory: The skill provides full CRUD capabilities for 1Password items and secret resolution via the official 1Password API and CLI.
  - Sanitization: Input variables are parsed into discrete values and passed directly to SDK methods or subprocess arguments, ensuring they are not evaluated as shell commands.
Audit Metadata