Skills
skills/steipete/agent-scripts/1password/Gen Agent Trust Hub

1password

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes the official op CLI and tmux. The use of tmux is a necessary and standard pattern to handle interactive authentication prompts within an agent's TTY-limited environment.
  • [EXTERNAL_DOWNLOADS] (SAFE): The installation instructions utilize Homebrew (brew install 1password-cli), which is a trusted source for system utilities on macOS and Linux.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8). Malicious instructions stored within a 1Password vault could be ingested by the agent during a read or inject operation.
  • Ingestion points: references/cli-examples.md (via op read and op inject).
  • Boundary markers: Absent; interpolation of secret values into templates or shells lacks explicit delimiters.
  • Capability inventory: File system writing (--out-file), subprocess execution (op run), and shell interaction via tmux.
  • Sanitization: Not present for the content of retrieved secrets.
  • [DATA_EXFILTRATION] (SAFE): While the tool manages sensitive credentials, it includes explicit guardrails advising against pasting secrets into logs or chat. It also recommends using op run or op inject instead of writing secrets to disk, which follows security best practices for secret management.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:03 PM