x-convert-pdf-to-markdown

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The marker-pdf tool initiates a one-time download of approximately 2GB of machine learning models upon first execution. This is standard behavior for the library but involves fetching binary data from external sources.
  • [COMMAND_EXECUTION] (LOW): The skill uses poetry run to execute local CLI tools. These commands are static and used for the skill's primary purpose of file conversion.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: Processes untrusted external data via the /path/to/file.pdf argument in both PyMuPDF and marker-pdf tools.
      • Boundary markers: Absent; the skill does not wrap the converted output in delimiters or provide warnings to the agent regarding potential instructions in the output.
      • Capability inventory: Uses subprocess execution via poetry run (captured in SKILL.md).
      • Sanitization: Absent; the conversion process extracts text directly without filtering for malicious prompt patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 21, 2026, 04:13 AM