Trust Assessment
1password received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are potential secret exfiltration via `tmux capture-pane` and a command injection vulnerability in `tmux send-keys`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential secret exfiltration via tmux capture-pane: The skill uses `tmux capture-pane` to retrieve the output of commands executed within a tmux session. Given that the skill's purpose is to interact with 1Password, including "reading/injecting/running secrets via op", any `op read` command executed within this session would have its output (the secret) captured by `capture-pane`. This captured secret would then be available in the LLM's context, creating a direct path for exfiltration if the LLM is not strictly prevented from logging or outputting it. While the example shows `op vault list`, the mechanism is present for more sensitive commands. Avoid using `tmux capture-pane` for sessions where sensitive information might be displayed. Instead, rely on `op run` or `op inject` which are designed to pass secrets directly to processes without exposing them in stdout. If output capture is strictly necessary, implement robust sanitization and redaction mechanisms for sensitive data before it enters the LLM's context. Ensure the LLM is explicitly instructed never to log or output secrets. | LLM | SKILL.md:36 |
| HIGH | Command Injection vulnerability in tmux send-keys: The skill constructs `tmux send-keys` commands with arguments like `--account my.1password.com`. If the `--account` value (or any other argument passed to `send-keys`) is derived from untrusted user input, an attacker could inject shell metacharacters (e.g., `"; evil_command; #`) into this value. This would cause arbitrary commands to be executed within the `tmux` session, potentially leading to privilege escalation, data exfiltration, or system compromise. The example uses a hardcoded value, but the instruction "If multiple accounts: use `--account` or `OP_ACCOUNT`" implies dynamic generation. All user-provided input used in `tmux send-keys` commands must be rigorously sanitized and escaped to prevent shell metacharacter injection. Consider using a dedicated `tmux` command execution function that handles escaping, or strictly limit user input to a predefined set of safe values. For account names, validate against a known list or enforce strict character sets. | LLM | SKILL.md:33 |