topos-unified
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes
babashka (bb)to execute arbitrary Clojure code via the-eflag. Specifically, it runsfs/globover the entire user home directory (System/getProperty "user.home") with a depth of up to 6. - [DATA_EXFILTRATION] (MEDIUM): The skill systematically maps and reads files within the user's home directory. It defines functions like
load-gayzip-manifestthat useslurpto read local file contents into the agent's context. While no external exfiltration URL is explicitly visible, the broad recursive scanning and reading of the~directory constitutes a significant data exposure risk. - [DYNAMIC_EXECUTION] (MEDIUM): The skill relies on runtime execution of Clojure strings and dynamic loading of file content from computed paths on the filesystem.
- [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: Reads
.toposmanifests and.treefiles from~/ies/rio/gayzip/and~/ies/hatchery_repos/. - Boundary markers: Absent; no delimiters or instructions are provided to the agent to ignore potentially malicious content within these files.
- Capability inventory: Filesystem globbing and reading (
slurp) via Babashka, which could be used to process malicious instructions found in the indexed files. - Sanitization: No sanitization or validation of the file content is performed before it is loaded into the agent's context.
Audit Metadata