process-builder
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill functions as a documentation and scaffolding utility for the 'babysitter' event-sourced orchestration framework, intended to guide developers in process implementation.
- [EXTERNAL_DOWNLOADS]: References the '@a5c-ai/babysitter-sdk' library, which is a legitimate vendor resource provided by the skill author (a5c-ai).
- [COMMAND_EXECUTION]: Documents standard CLI operations such as 'babysitter run:create' and 'babysitter run:iterate'. these are used for process management within the framework's ecosystem and are documented for user reference.
- [PROMPT_INJECTION]: Analyzed for indirect prompt injection vulnerability surfaces. The skill templates facilitate the creation of processes that ingest user-defined requirements. The framework includes built-in human-in-the-loop (HITL) patterns to mitigate autonomous execution risks.
- Ingestion points: User-provided input objects in the 'process(inputs, ctx)' function template.
- Boundary markers: None explicitly defined in the provided templates.
- Capability inventory: The SDK 'ctx.task' method supports executing 'shell', 'node', and 'agent' tasks.
- Sanitization: Not explicitly defined in the structural templates; intended to be implemented by the developer.
Audit Metadata