Skills
skills/plurigrid/asi/babashka-clj/Gen Agent Trust Hub

babashka-clj

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill references the use of babashka.process/shell for executing shell commands and provides instructions for running arbitrary scripts and tasks (e.g., bb script.clj, bb run <task>). This functionality can be exploited to run malicious OS-level commands if the script content is influenced by untrusted data.
  • REMOTE_CODE_EXECUTION (MEDIUM): The documentation includes a command to start an nrepl-server. An nREPL server listens on a network port and allows for the remote execution of arbitrary code on the host machine, which is a significant security risk if the port is exposed or accessible to unauthorized users.
  • INDIRECT_PROMPT_INJECTION (LOW):
  • Ingestion points: The skill is designed to process and execute external Clojure scripts and named tasks.
  • Boundary markers: No delimiters or safety warnings are present to prevent instructions inside scripts from being treated as authoritative commands.
  • Capability inventory: The skill has the capability to spawn subprocesses (shell) and execute arbitrary code via the sci interpreter.
  • Sanitization: There is no evidence of input validation or sanitization for the scripts or tasks being executed.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 19, 2026, 11:27 AM