pp-1password

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs CLI and MCP components from the vendor's GitHub repository (github.com/mvanhorn/printing-press-library) and NPM registry (@mvanhorn/printing-press-library).- [COMMAND_EXECUTION]: Executes the 1password-pp-cli binary to perform secret resolution, policy checks, and vault audits.- [DATA_EXFILTRATION]: Includes a --deliver flag that allows command results to be transmitted to user-defined webhooks. It also features a feedback command that can optionally send local session notes to a remote API endpoint.- [PROMPT_INJECTION]:
  • Ingestion points: Processes project files like .env and README.md via the env inject and env plan commands (SKILL.md).
  • Boundary markers: No explicit instruction delimiters are specified in the provided command examples.
  • Capability inventory: The tool can execute shell commands and perform network operations via webhooks.
  • Sanitization: The tool acts as a security layer by resolving fuzzy requests to exact references and enforcing policy checks before revealing secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 09:00 PM
Security Audit — agent-trust-hub — pp-1password