bitwarden-secrets
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is designed for credential management and incorporates robust safety guardrails that prohibit the printing of secret values or sensitive identifiers in chat outputs.
- [COMMAND_EXECUTION]: Utilizes the bws CLI, jq, and standard shell utilities (awk, sed) to automate the creation, update, and retrieval of secrets from Bitwarden projects.
- [DATA_EXFILTRATION]: Accesses local .env files for synchronization purposes; this behavior is the intended primary use case and is mitigated by instructions to treat management tokens as restricted credentials and to avoid committing secrets to version control.
- [PROMPT_INJECTION]: Evaluated the risk of indirect prompt injection from data ingested during synchronization.
- Ingestion points: Data enters the agent context through the parsing of local .env files and JSON output from the bws CLI.
- Boundary markers: The skill uses clear "Safety requirements (non-negotiable)" and "Golden Rules" to delineate how secrets should be handled and reported.
- Capability inventory: The skill can read/write files (.env) and perform network operations via the official Bitwarden CLI tool.
- Sanitization: The agent is explicitly instructed to only report key names and operational status, ensuring that any malicious payloads within secret values are not processed or echoed.
Audit Metadata