bafishka
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill's primary purpose is the evaluation of code strings through the SCI (Small Clojure Interpreter) and Steel backend. This is an inherent risk where untrusted input could lead to arbitrary code execution.
- [Command Execution] (MEDIUM): The skill provides powerful file system primitives such as
fs/glob,fs/list-dir, andslurp, allowing the agent to interact broadly with the host environment. - [Indirect Prompt Injection] (LOW): The skill possesses the surface area for indirect injection.
- Ingestion points: Reads local file data via
slurpandfs/list-dirinSKILL.md. - Boundary markers: Absent. No instruction delimiters or 'ignore embedded content' warnings are present.
- Capability inventory: Comprehensive file system access, data transformation, and database integration (DuckDB).
- Sanitization: Absent. The skill examples show direct processing of file content without validation.
- [External Downloads] (LOW): References an external source repository at
https://github.com/bmorphism/bafishka. As the organization is not on the trusted list, the dependency is considered unverifiable.
Audit Metadata