1password
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs the official 1password-cli binary via the Homebrew package manager. This is a standard and verifiable installation method for this utility.
- [COMMAND_EXECUTION] (SAFE): The skill executes tmux and op commands required for secret management; no unauthorized command patterns were detected.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8).
- Ingestion points: Vault data retrieved via op commands (such as list or read) and captured from the tmux pane enter the agent context.
- Boundary markers: None identified; untrusted data from the vault is processed without delimiters or explicit instruction-ignore warnings.
- Capability inventory: The skill has shell and tmux execution capabilities, which could be exploited if malicious instructions are present in secrets.
- Sanitization: No validation or sanitization is performed on the data fetched from 1Password items before it is presented to the agent.
Audit Metadata