1password-items
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): This skill defines a significant surface for indirect prompt injection by guiding an agent to ingest external, untrusted data and write it directly into a high-trust credential store.
  - (1) Ingestion points: Values for secret fields and notes in op item create and op item edit commands within SKILL.md.
  - (2) Boundary markers: Absent; there are no instructions to delimit or ignore instructions within the data being stored.
  - (3) Capability inventory: The skill enables write and edit access to the user's password manager via the op CLI.
  - (4) Sanitization: Absent; no validation or escaping of input data is suggested.
- COMMAND_EXECUTION (LOW): The skill's core purpose is to facilitate the execution of the op (1Password) CLI tool to manage sensitive data, which is an intended but high-privilege activity.
Recommendations
- AI detected serious security threats