convert
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill implements a mechanism to access local files by converting user-provided paths into `file://` URIs. This allows for the reading of arbitrary files on the system, including sensitive configuration or credential files, which can then be displayed in the agent's output.
- [EXTERNAL_DOWNLOADS]: The skill retrieves content from external sources via `http`, `https`, and `data` URIs. This constitutes a network-based ingestion point for untrusted data.
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by processing external data (from files or URLs) and returning it to the agent as Markdown. Maliciously crafted content could contain instructions designed to override agent behavior.
  - Ingestion points: The `$ARGUMENTS` variable is used to construct a URI for the `convert_to_markdown` tool in `SKILL.md`.
  - Boundary markers: None identified. The agent is not instructed to isolate or ignore instructions within the converted content.
  - Capability inventory: Uses the `convert_to_markdown` tool from the markitdown MCP server.
  - Sanitization: None. The skill performs path resolution but does not sanitize the content retrieved from the target URI.
Audit Metadata