1password
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
opandtmuxcommands to manage 1Password authentication and secret retrieval. - It utilizes
tmuxto create a dedicated session for interactive authentication (op signin), ensuring that the CLI's TTY requirements are met within the agent's environment. - Standard commands for secret management (reading, injecting, and running) are used, following official 1Password CLI practices.
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the 1Password CLI via official channels.
- Recommends using Homebrew (
brew install 1password-cli) to acquire theopbinary from a trusted source. - The references point to official 1Password documentation for setup and integration.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through the ingestion of vault data.
- Ingestion points: Data enters the agent context when reading secrets or injecting them into templates using
op readandop inject(File:references/cli-examples.md). - Boundary markers: The skill does not explicitly define delimiters for separating vault-retrieved content from agent instructions in its examples.
- Capability inventory: The agent can execute shell commands, manage files, and perform network operations via the
optool. - Sanitization: The skill includes mandatory guardrails requiring the agent to never paste secrets into logs or chat, which serves as a critical safety control for data privacy.
Audit Metadata