NASL was designed with security in mind.
A NASL script cannot contain a Trojan horse.
In fact, a NASL script can attack a machine that was not the target, because of relaying. But the problem is not in NASL! Some people knocked their company mail down with 42.zip
Although it would be great, there is no way to call an external command in NASL (aka popen).