atuin
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation repeatedly recommends installing the software using a 'curl | sh' pattern from an untrusted domain.
- Evidence:
curl --proto '=https' --tlsv1.2 -LsSf https://setup.atuin.sh | shfound inreferences/sync-setup.mdandreferences/troubleshooting.md. - Risk: This allows the remote server to execute arbitrary code on the host machine without verification or package management controls.
- COMMAND_EXECUTION (HIGH): The skill provides commands for modifying system state, including service installation and shell configuration modification which can be used for persistence.
- Evidence: Instructions for
systemctl --user enable atuin-daemonandlaunchctl loadinreferences/sync-setup.md. - Evidence: Instructions to append to shell profiles like
~/.zshrcand~/.bashrc. - CREDENTIALS_UNSAFE (MEDIUM): The documentation identifies the exact path of the master encryption key and provides instructions on how to view or backup this sensitive data, which an agent could be tricked into exfiltrating.
- Evidence: Path
~/.local/share/atuin/keyreferenced inreferences/configuration.mdandreferences/sync-setup.md. - EXTERNAL_DOWNLOADS (MEDIUM): The skill references Docker images from an untrusted repository on GHCR.
- Evidence:
ghcr.io/atuinsh/atuin:latestreferenced inreferences/sync-setup.md. The organization 'atuinsh' is not in the trusted source list.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://setup.atuin.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata