atuin
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill describes syncing and ingesting user-generated shell history from a cloud sync server (sync_address, e.g. https://api.atuin.sh or arbitrary self-hosted sync_address) and links public community channels (forum.atuin.sh, Discord), meaning the agent will read and present untrusted third-party/user-generated content as part of its workflow.
Audit Metadata