1password
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via npm to enable command-line interactions with the Membrane platform. - [COMMAND_EXECUTION]: The skill uses shell commands to perform authentication, connection management, and action execution through the
membraneCLI tool. - [DATA_EXFILTRATION]: The skill is designed to read and manipulate sensitive data from 1Password vaults. While this involves handling sensitive credentials, it uses the vendor's specific platform for secure management rather than local storage.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes data retrieved from 1Password vault items which could contain embedded instructions.
- Ingestion points: Content from 1Password records retrieved through
membrane action run. - Boundary markers: Absent; no delimiters are defined to separate vault data from agent instructions.
- Capability inventory: Execution of shell commands via the Membrane CLI and remote action creation/triggering.
- Sanitization: Not documented; the skill assumes data retrieved from the vault is trusted content.
Audit Metadata