bmad-distillator

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python utility, scripts/analyze_sources.py, to analyze file metadata, compute token estimates, and determine document groupings. The script uses standard Python libraries and operates strictly on local files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from user-provided source documents.
  • Ingestion points: Source files identified via the source_documents parameter in SKILL.md are read and passed to compression subagents.
  • Boundary markers: The skill does not use specific delimiters or instructions to ignore embedded commands within the source documents when they are processed by the distillate-compressor.md subagent.
  • Capability inventory: The skill can read local files (restricted to .md, .txt, .yaml, .yml, and .json), spawn subagents for content processing, and write compressed distillate files and validation reports to the local filesystem.
  • Sanitization: No sanitization, escaping, or filtering of the document content is performed before the agent processes it for information extraction.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 09:05 AM