cleaning-atuin-history

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [DATA_EXPOSURE]: The skill accesses the local Atuin history database (history.db). Shell history often contains sensitive data such as API keys, passwords, or environment variables accidentally typed into the terminal.
  • [COMMAND_EXECUTION]: The script atuin_history_cleanup.py uses subprocess.run to execute various Atuin CLI commands, including atuin info, atuin store push, and atuin sync. These commands facilitate data synchronization with Atuin's remote servers.
  • [COMMAND_EXECUTION]: The transactional helper script atuin_history_cleanup_transactional.py utilizes a pseudo-terminal (pty) to programmatically drive the interactive Atuin TUI inspector, performing precise deletions by simulating keyboard inputs (e.g., Ctrl+O, Ctrl+D).
  • [DYNAMIC_EXECUTION]: The primary script uses importlib.util to dynamically load its sibling helper script atuin_history_cleanup_transactional.py at runtime. While the file is local to the skill, this pattern allows for executable code to be loaded from a path determined during execution.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data (shell history) to generate cleanup suggestions.
  • Ingestion points: The load_history_entries function in scripts/atuin_history_cleanup.py reads row data from the SQLite database.
  • Boundary markers: Audit reports are provided in structured text or JSON formats, though they do not include explicit instructions for the LLM to ignore embedded content within the history records themselves.
  • Capability inventory: The skill has the ability to execute arbitrary shell commands via subprocess.run and manage database state.
  • Sanitization: The script uses shlex.quote for shell safety and applies conservative typo-detection heuristics (e.g., is_high_confidence_typo_token) to minimize the risk of malicious commands being interpreted as legitimate cleanup candidates.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 05:19 AM
Security Audit — agent-trust-hub — cleaning-atuin-history