The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill installs the 1password-cli package via the Homebrew (brew) package manager. Homebrew is a well-known, established service, and the formula used is the standard official package.
[COMMAND_EXECUTION]: Utilizes tmux to manage CLI sessions. This is a technical necessity for AI agents to interact with tools like op signin that require a pseudo-terminal (TTY) for secure authentication prompts.
[DATA_EXFILTRATION]: While the skill's primary purpose is accessing sensitive secrets, it includes specific safety instructions: 'Never paste secrets into logs, chat, or code' and 'Prefer op run / op inject over writing secrets to disk.' These represent security best practices.
[INDIRECT_PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data (secret values) retrieved from external 1Password vaults.
Ingestion points: Secret data entered via op read, op inject, and op run (found in SKILL.md and references/cli-examples.md).
Boundary markers: Absent; there are no specific delimiters to separate secret content from instructions.
Capability inventory: Subprocess calls via tmux and op, and file writing via op read --out-file (found in SKILL.md and references/cli-examples.md).
Sanitization: Absent; the content of the secrets is not sanitized before being passed to other tools or the agent context.

1password