Orchestrate via @babysitter. Use this skill when asked to babysit a run, orchestrate a process or whenever it is called explicitly. (babysit, babysitter, orchestrate, orchestrate a run, workflow, etc.)

2026-04-031.4k

babysit

a5c-ai/babysitter

2026-04-031.4k

cleanup

a5c-ai/babysitter

Clean up .a5c/runs and .a5c/processes directories. Aggregates insights from completed/failed runs into docs/run-history-insights.md, then removes old run data and orphaned process files.

2026-04-031.4k

contrib

a5c-ai/babysitter

Submit feedback or contribute to babysitter project

2026-04-031.4k

plugins

a5c-ai/babysitter

manage babysitter plugins. use this command to see the list of installed babysitter plugins, their status, and manage them (install, update, uninstall, list from marketplace, add marketplace, configure plugin, create new plugin, etc).

name	git-forensics-scanner
description	Git diff forensics for surfacing and classifying code changes for trojan detection
allowed-tools	["Bash","Read","Glob","Grep"]

Git Forensics Scanner

Surfaces and classifies all code changes in a repository using git diff analysis, providing structured change sets for downstream semantic analysis.

Purpose

The first phase of nation-state trojan detection: identify exactly what changed, how much changed, and classify each change by risk level. Small diffs in critical code paths are flagged as highest-risk since business-logic trojans typically modify 1-5 lines.

Capabilities

Change Set Extraction

Unstaged changes (git diff)
Staged changes (git diff --cached)
Commit range diffs (git diff <base>..<head>)
Branch diffs (git diff <base>...<head>)
Per-file patch extraction with full hunk context

Change Classification

code — Logic, algorithms, formulas, control flow
config — Constants, parameters, thresholds, defaults
data-model — Schemas, types, model properties, ORM mappings
cosmetic — Formatting, comments, whitespace, rounding wrappers

Risk Triage

Files with 1-5 line changes in prediction/financial/auth code → HIGH RISK
Single-character operator changes → CRITICAL RISK
Comment-only changes accompanying code changes → CAMOUFLAGE RISK

Input Schema

{
  "type": "object",
  "required": ["projectRoot"],
  "properties": {
    "projectRoot": {
      "type": "string",
      "description": "Absolute path to the git repository"
    },
    "scanMode": {
      "type": "string",
      "enum": ["uncommitted", "commit-range", "branch-diff"],
      "default": "uncommitted"
    },
    "baseRef": {
      "type": "string",
      "description": "Base git reference (for commit-range/branch-diff)"
    },
    "headRef": {
      "type": "string",
      "description": "Head git reference (for commit-range/branch-diff)"
    },
    "targetPaths": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Limit scan to specific paths"
    }
  }
}

Output Schema

{
  "type": "object",
  "required": ["totalFiles", "files"],
  "properties": {
    "totalFiles": { "type": "number" },
    "totalInsertions": { "type": "number" },
    "totalDeletions": { "type": "number" },
    "files": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "path": { "type": "string" },
          "insertions": { "type": "number" },
          "deletions": { "type": "number" },
          "hunks": { "type": "number" },
          "classification": { "type": "string" },
          "rawDiff": { "type": "string" },
          "riskLevel": { "type": "string" }
        }
      }
    }
  }
}

Usage Example

skill: {
  name: 'git-forensics-scanner',
  context: {
    projectRoot: '/path/to/project',
    scanMode: 'uncommitted'
  }
}

Process Files

nation-state-trojan-detection.js — Phase 1: Git Forensics task