tools-1password-cli
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides extensive documentation for the 1Password
opCLI, allowing the agent to perform vault operations, read/write secrets, and manage service accounts. This is the primary function of the skill and involves executing shell commands to interact with the 1Password binary. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads data from external sources (1Password vaults). If a vault item, such as a Secure Note or a field description, contains malicious instructions, the agent might interpret those as commands when retrieving the secret content. This is a inherent risk factor for any tool that processes external or shared data.
- [EXTERNAL_DOWNLOADS]: The documentation references installation methods via
npxandcurlfrom the vendor's GitHub repository and npm. These are standard distribution channels for the skill author and well-known services.
Audit Metadata