markitdown

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (PDFs, images, websites, and YouTube transcripts) and converts them to Markdown for the agent's context. This creates a surface for indirect prompt injection where malicious instructions hidden in these files could influence the agent's actions.
      • Ingestion points: markitdown.convert() calls in scripts/batch_convert.py, scripts/convert_literature.py, and scripts/convert_with_ai.py.
      • Boundary markers: Extracted content is written to Markdown files without explicit boundary delimiters or instructions for the agent to ignore embedded commands.
      • Capability inventory: The agent has access to Read, Write, Edit, and Bash tools.
      • Sanitization: No specific filtering or sanitization of the extracted text content is performed before it is presented to the agent.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to install system dependencies (such as Tesseract and Poppler) and execute Python scripts. The provided scripts also use ThreadPoolExecutor for parallel processing of conversion tasks.
  • [REMOTE_CODE_EXECUTION]: The skill documentation describes and supports a plugin system that allows for the discovery and loading of 3rd-party code at runtime via Python entry points, which can be used to extend functionality but increases the execution surface.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 24, 2026, 11:17 AM