Files & Attachments
Files are first-class citizens in MeetLoyd. You can upload documents to conversations, attach files in chat, and let agents generate documents on the fly. Every file is security-scanned before processing.
How It Works
When you attach a file in chat, MeetLoyd:
- Scans the file through a zero-trust security pipeline
- Parses the content automatically (text extraction from PDFs, DOCX, XLSX, etc.)
- Injects the full parsed content into the agent's prompt
- Stores a compact summary in conversation history
The agent can immediately read, analyze, and reference your documents -- no manual download needed.
Supported Formats
| Format | Extensions | Max Size |
|---|---|---|
.pdf | 50 MB | |
| Word | .docx | 25 MB |
| Excel | .xlsx | 25 MB |
| PowerPoint | .pptx | 100 MB |
| CSV | .csv | 10 MB |
| Text | .txt | 5 MB |
| Markdown | .md | 5 MB |
| JSON | .json | 10 MB |
| Images | .png, .jpg, .gif, .webp | 20 MB |
Legacy Office formats (.doc, .xls, .ppt) are blocked because they use the OLE Compound format which can contain hidden macros and embedded executables. Convert to modern formats (DOCX, XLSX, PPTX) before uploading.
Security Pipeline
Every uploaded file goes through a zero-trust security pipeline before it is stored:
| Check | What It Does |
|---|---|
| Magic bytes verification | Verifies file content matches the claimed MIME type |
| Macro detection | Blocks files containing VBA macros or executable code |
| Zip bomb detection | Detects compression bombs in Office documents |
| XXE prevention | Blocks XML External Entity attacks in Office XML |
| Path traversal blocking | Prevents directory traversal in file names |
| Embedded executable detection | Finds hidden executables inside documents |
| Script injection detection | Catches script tags, event handlers, and JS protocol URIs |
If a file fails the scan, it is quarantined (saved to a secure location, not accessible) and the upload returns an error with details about the threat.
Content Injection
When you attach files to a chat message, MeetLoyd does not just send the agent a download link -- it injects the full parsed content directly into the agent's prompt.
Token Budgets
To prevent excessively long prompts, injected content is token-budgeted per model:
| Model Size | Token Budget |
|---|---|
| Large (Claude Opus/Sonnet, Gemini Pro) | ~16,000 tokens |
| Medium (GPT-4o) | ~12,000 tokens |
| Small (Haiku, Mini) | ~6,000 tokens |
If a file exceeds the budget, content is truncated. When multiple files are attached, the budget is split evenly.
What the Agent Sees vs. What is Stored
| Content | |
|---|---|
| Agent prompt | Full document text (e.g., the complete text of your PDF) |
| Conversation history | A compact summary (e.g., [Attached: Q4.pdf (3 pages, 2.1k words)]) |
This keeps conversation history lightweight while giving agents full context when they need it.