markitdown
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by extracting and presenting content from untrusted external files.
  * Ingestion points: The scripts/convert.py script reads user-specified files and extracts text content using the MarkItDown library.
  * Boundary markers: Extracted text is returned to the agent without delimiters or instructions to ignore potential commands within the document.
  * Capability inventory: The skill possesses the ability to execute shell commands (via bash) and Python scripts, which could be leveraged if the agent obeys instructions found within a processed document.
  * Sanitization: No sanitization or validation is applied to the content extracted from the documents.
- [EXTERNAL_DOWNLOADS]: The ensure_markitdown function in scripts/convert.py downloads and installs the markitdown[all] package from the official Python Package Index (PyPI) at runtime. This package is maintained by Microsoft, a well-known technology provider.
- [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/convert.py to install dependencies and is invoked through shell commands defined in the SKILL.md procedure.
Audit Metadata