atuin-history-cleanup

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the subprocess module to interact with the local Atuin CLI.
  • It runs commands such as atuin info, atuin search, and atuin history dedup to perform history management tasks.
  • All commands are constructed using list-based arguments and parameters are sanitized with shlex.quote to mitigate command injection risks.
  • [COMMAND_EXECUTION]: Utilizes terminal automation through pseudo-terminals (pty.openpty) to drive Atuin's interactive search view.
  • This mechanism sends standard control sequences (such as Ctrl+O and Ctrl+D) to programmatically confirm and delete specific history entries.
  • [SAFE]: Implements comprehensive data protection and integrity measures.
  • Read-only Access: The SQLite history database is opened in read-only mode during the audit phase to prevent accidental modification.
  • Transactional Workflow: The cleanup-typos command performs a full database backup using sqlite3.backup before making any changes.
  • Verification and Rollback: The skill verifies the deletion results against the planned audit and automatically restores the database from the backup if any discrepancy is detected.
  • Modular Loading: Dynamically loads a local helper module (atuin_history_cleanup_transactional.py) using importlib.util with a path derived from the script's own directory.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 02:18 PM
Security Audit — agent-trust-hub — atuin-history-cleanup