babysit

SUSPICIOUS. The core babysitter orchestration behavior mostly matches the stated purpose, and the main SDK install path is plausibly legitimate. However, the skill is high-privilege, directs the agent to install additional skills/subagents, and mixes untrusted web/repo research with file writes and command execution, creating meaningful transitive-trust and prompt-injection risk even without clear exfiltration behavior.