cleaning-atuin-history
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXPOSURE]: The skill accesses the local Atuin history database (
history.db). Shell history often contains sensitive data such as API keys, passwords, or environment variables accidentally typed into the terminal. - [COMMAND_EXECUTION]: The script
atuin_history_cleanup.pyusessubprocess.runto execute various Atuin CLI commands, includingatuin info,atuin store push, andatuin sync. These commands facilitate data synchronization with Atuin's remote servers. - [COMMAND_EXECUTION]: The transactional helper script
atuin_history_cleanup_transactional.pyutilizes a pseudo-terminal (pty) to programmatically drive the interactive Atuin TUI inspector, performing precise deletions by simulating keyboard inputs (e.g.,Ctrl+O,Ctrl+D). - [DYNAMIC_EXECUTION]: The primary script uses
importlib.utilto dynamically load its sibling helper scriptatuin_history_cleanup_transactional.pyat runtime. While the file is local to the skill, this pattern allows for executable code to be loaded from a path determined during execution. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data (shell history) to generate cleanup suggestions.
- Ingestion points: The
load_history_entriesfunction inscripts/atuin_history_cleanup.pyreads row data from the SQLite database. - Boundary markers: Audit reports are provided in structured text or JSON formats, though they do not include explicit instructions for the LLM to ignore embedded content within the history records themselves.
- Capability inventory: The skill has the ability to execute arbitrary shell commands via
subprocess.runand manage database state. - Sanitization: The script uses
shlex.quotefor shell safety and applies conservative typo-detection heuristics (e.g.,is_high_confidence_typo_token) to minimize the risk of malicious commands being interpreted as legitimate cleanup candidates.
Audit Metadata