Along the lines of the 'jammr' package, an example to show it's quite easy to hide things from even moderately careful inspection.
If you run the code in evil.R, there isn't any obvious impact on your session, as evil-output.txt shows. But now look at what pie() and attach() do.
This isn't a security issue: anyone who can run arbitrary R code on your system can do much worse.