bmad-distillator

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE

COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled Python script (scripts/analyze_sources.py) to analyze file metadata and determine processing routes. The script is self-contained and uses standard Python libraries for file resolution and token estimation without any external network calls.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted content from user-provided source_documents. A malicious source file could attempt to influence the agent's behavior during distillation. However, the risk is mitigated by a multi-stage workflow that isolates initial file analysis from content processing and uses specialized subagents for compression tasks. Evidence: Ingestion points are files provided in the source_documents argument; boundary markers are absent in the subagent instructions; capabilities include local script execution and file writing; sanitization is not explicitly defined for input content.
  • [SAFE]: Analysis of all scripts and instruction files revealed no malicious patterns. There are no hardcoded credentials, obfuscated sections, or attempts at persistence. The skill follows secure design principles by leveraging specialized subagents and minimizing the main agent's exposure to raw source data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 09:53 AM