babashka
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill demonstrates and enables the execution of arbitrary shell commands through the
babashka.processlibrary (e.g.,p/shell "ls -la").- REMOTE_CODE_EXECUTION (MEDIUM): The skill includes a task to start an nREPL server (babashka.nrepl.server/start-server!) on port 1667, which allows for remote evaluation of code over the network.- EXTERNAL_DOWNLOADS (LOW): The Clojure script performs a network request toapi.github.comusingbabashka.http-client. While the domain is reputable, outbound network access is a prerequisite for data exfiltration.- DATA_EXPOSURE (LOW): The use ofbabashka.fsfor filesystem operations likeglobandcopyallows the agent to discover and manipulate files within the local environment.- INDIRECT_PROMPT_INJECTION (LOW): The skill possesses an ingestion point (GitHub API) and high-privilege capabilities (shell execution, file writing) without explicit sanitization or boundary markers, creating a surface for indirect injection attacks.
Audit Metadata