markitdown

Fail

Audited by Socket on Feb 15, 2026

1 alert found:

Obfuscated File (HIGH)
references/api_reference.md

The provided fragment is a documentation/API reference and contains no direct malicious code. However, the documented features (third-party plugins via package entry_points, custom converters executing in-process, and optional outbound LLM/Azure integrations) create realistic supply-chain and data-exfiltration risks: a malicious or compromised plugin or converter can read sensitive documents and environment variables, then exfiltrate them to remote services. Treat plugins and custom converters as untrusted code, use least-privilege credentials, run conversions in isolated environments for sensitive data, and vet and lock plugin dependencies before installation.

Confidence: 98%
Audit Metadata

Analyzed At: Feb 15, 2026, 07:56 PM
Package URL: pkg:socket/skills-sh/davila7%2Fclaude-code-templates%2Fmarkitdown%2F@c34901af08a5dac40ec9035b4706e5c09c91d1b7