markdown-converter
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted documents (PDF, Word, Excel, YouTube URLs, etc.) and converts them to Markdown for AI consumption. This creates a vulnerability to indirect prompt injection where an attacker could embed malicious instructions within a document to hijack the behavior of the AI agent processing the output.
- Ingestion points:
scripts/convert.pyandscripts/convert.shingest arbitrary external files provided as arguments. - Boundary markers: The skill lacks boundary markers or system instructions to distinguish between the converter's output and potentially malicious instructions within the converted content.
- Capability inventory: The skill possesses file-write capabilities (saving converted documents) and file-read capabilities.
- Sanitization: No content sanitization or filtering is performed on the text extracted from documents before it is returned to the agent.
- [COMMAND_EXECUTION]: The shell script
scripts/convert.shand the documentation inSKILL.mdcontain hardcoded absolute paths to a specific user directory (/Users/johannwaldherr/.local/bin/markitdown). While not inherently malicious, executing binaries from a hardcoded personal directory is a risk factor as it assumes the environment is controlled by that specific user and lacks portability or validation.
Audit Metadata