1password
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests external data from 1Password vaults, which constitutes a surface for indirect prompt injection.
  - Ingestion points: Data enters the context via `op read`, `op inject`, and `tmux capture-pane` commands.
  - Boundary markers: No delimiters are used to wrap or isolate content retrieved from the vault.
  - Capability inventory: The skill can execute shell commands through `op`, `tmux`, and `op run`, and can write files to the local system.
  - Sanitization: External vault content is not sanitized before it is used or displayed.
- [DATA_EXFILTRATION]: The skill documentation includes examples for writing sensitive secrets directly to the local filesystem, such as `op read --out-file ./key.pem`. While documented as a feature, this represents potential exposure of sensitive credentials on the host system.
- [COMMAND_EXECUTION]: The skill leverages `tmux` to maintain session state and `op run` to execute subcommands with environment variables. This involves dynamic execution of shell commands, which is the primary intended function of the tool.
- [SAFE]: The skill follows security best practices by implementing guardrails that prevent secrets from being logged or displayed in chat. It recommends secure methods like `op run` and `op inject` to avoid persistent plaintext secrets. Installation is handled via trusted package managers (Homebrew).
Audit Metadata