atuin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows explicitly fetch and ingest third‑party content — e.g., the Quick Start installer curl https://setup.atuin.sh | sh and the sync workflows that contact sync_address (default https://api.atuin.sh) and forum/Discord links — and synced/history content is untrusted user/third‑party data that the tool reads and can cause execution via the interactive search (Ctrl+R/Enter, enter_accept), so external content can materially influence actions.