pp-1password
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs CLI and MCP components from the vendor's GitHub repository (github.com/mvanhorn/printing-press-library) and NPM registry (@mvanhorn/printing-press-library).- [COMMAND_EXECUTION]: Executes the 1password-pp-cli binary to perform secret resolution, policy checks, and vault audits.- [DATA_EXFILTRATION]: Includes a --deliver flag that allows command results to be transmitted to user-defined webhooks. It also features a feedback command that can optionally send local session notes to a remote API endpoint.- [PROMPT_INJECTION]:
- Ingestion points: Processes project files like .env and README.md via the env inject and env plan commands (SKILL.md).
- Boundary markers: No explicit instruction delimiters are specified in the provided command examples.
- Capability inventory: The tool can execute shell commands and perform network operations via webhooks.
- Sanitization: The tool acts as a security layer by resolving fuzzy requests to exact references and enforcing policy checks before revealing secrets.
Audit Metadata