onepassword-cli-coder
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The file consists entirely of documentation and configuration examples for the 1Password CLI. It does not contain any executable logic or instructions that bypass safety filters.
- [COMMAND_EXECUTION] (SAFE): While the document includes shell commands (e.g.,
op account list,op run) and Makefile snippets, these are provided as standard operational templates for the user. No unauthorized or obfuscated command execution was found. - [CREDENTIALS_UNSAFE] (SAFE): The documentation mentions various sensitive environment variables (e.g.,
AWS_ACCESS_KEY_ID,OPENAI_API_KEY), but it correctly uses 1Password secret references (op://...) rather than hardcoding any actual credentials. - [DATA_EXPOSURE] (SAFE): The document references common configuration files like
.op.envand.env.workas best practices for segmenting account contexts, which is a standard and recommended security practice for CLI users.
Audit Metadata