Babysitter security-hardening
AIDefence security layer with prompt injection blocking, input validation, sandboxed execution, output sanitization, and STRIDE threat modeling.
install
source · Clone the upstream repo
git clone https://github.com/a5c-ai/babysitter
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/a5c-ai/babysitter "$T" && mkdir -p ~/.claude/skills && cp -r "$T/library/methodologies/ruflo/skills/security-hardening" ~/.claude/skills/a5c-ai-babysitter-security-hardening && rm -rf "$T"
manifest:
library/methodologies/ruflo/skills/security-hardening/SKILL.md
Security Hardening
Overview
Multi-layered security audit pipeline implementing the AIDefence architecture. Protects against prompt injection, path traversal, and other attack vectors while ensuring compliance with security best practices.
When to Use
- Before deploying code to production
- When processing untrusted inputs
- Security audits of agent-generated code
- Compliance verification (OWASP Top 10, CIS)
AIDefence Layers
- Prompt Injection Detection - Pattern + heuristic blocking
- Input Validation - Path traversal, type coercion, parameter sanitization
- Static Analysis (SAST) - Vulnerability scanning, CWE matching
- Sandboxed Execution - Network isolation, filesystem restrictions, resource limits
- Output Sanitization - Secrets, PII, injection vector redaction
Security Levels
| Level | Layers | Use Case |
|---|---|---|
| standard | SAST + validation + sanitization | Routine audits |
| elevated | + threat modeling + compliance | Pre-release audits |
| maximum | + sandbox + full STRIDE + remediation | Critical systems |
Agents Used
- Vulnerability detection - agents/security-auditor/
- Code quality verification - agents/reviewer/
Tool Use
Invoke via babysitter process:
methodologies/ruflo/ruflo-security-audit