babysit
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Installs the @a5c-ai/babysitter-sdk globally using sudo to establish the local orchestration environment.
- [REMOTE_CODE_EXECUTION]: Utilizes dynamic code generation to create and execute JavaScript process files based on repository analysis and user-provided requirements.
- [EXTERNAL_DOWNLOADS]: Fetches the vendor-owned @a5c-ai/babysitter-sdk package from the official npm registry.
- [DATA_EXFILTRATION]: Reads user profile data from ~/.a5c/user-profile.json, including expertise levels and communication preferences, to personalize orchestration.
- [PROMPT_INJECTION]: Ingests untrusted repository structures and user intent to drive code generation; ingestion occurs during the research and interview phases, lacks explicit boundary markers, and utilizes high-privilege capabilities like Bash and Task without sanitization.
Audit Metadata