The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill's plugin system allows for the installation and execution of code from unverified remote sources.
Evidence: The command markit plugin install git:github.com/user/markit-plugin-ocr fetches and executes code directly from an arbitrary GitHub repository.
Evidence: The command markit plugin install npm:markit-plugin-dwg allows installing unversioned packages from the npm registry, which may execute arbitrary code during the installation or runtime phases.
[EXTERNAL_DOWNLOADS]: The skill performs network requests to arbitrary external domains for content conversion and plugin retrieval.
Evidence: CLI commands like markit https://example.com/article fetch data from user-supplied URLs to the local environment.
Evidence: Network retrieval of plugins from GitHub and npm registries occurs during the plugin installation process.
[PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection due to its core function of ingesting untrusted data.
Ingestion points: External URLs, PDF files, Word documents, images, and audio files are processed and converted into text.
Boundary markers: None. The skill does not implement delimiters or instructions to prevent the agent from obeying instructions embedded within the converted content.
Capability inventory: The skill has access to the local file system (via markit -o), network fetch capabilities, and the ability to execute code via plugins.
Sanitization: No sanitization or instruction filtering is performed on the content retrieved from external sources before it is converted to markdown for agent consumption.
[COMMAND_EXECUTION]: The skill relies on global installation and CLI execution, which can lead to unintended system changes.
Evidence: Instructions for npm install -g markit-ai and local configuration via markit init involve file system modifications and administrative-level package management.

markit-markdown-converter