This is another case of being on the other side of an airtight hatchway: https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31...

If someone has arbitrary code execution on your machine as your user, then of course they can access things your user can access.

They could just as easily keylog your password, or replace the onepassword-cli binary with one that exfiltrates data, or steal your browser cookie to get into your email account and use that to hijack recovery flows...