Skills
skills/bmad-labs/skills/bmad-distillator/Gen Agent Trust Hub

bmad-distillator

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to ingest and transform untrusted data from source documents.
  • Ingestion points: The source_documents input (read in Stage 1 and Stage 2) allows external content into the agent context.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to separate document content from agent instructions.
  • Capability inventory: The skill has the ability to read files, write new files (distillates and validation reports), and spawn sub-agents.
  • Sanitization: No content sanitization or instruction filtering is implemented before the information extraction phase.
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/analyze_sources.py) to analyze file sizes and groupings. This execution is scoped to a local, verified script included within the skill package and does not accept unvalidated external commands.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 05:26 PM