markdown-converter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill uses `uvx` to fetch and run the `markitdown` package from PyPI. Since the tool is authored by Microsoft, which is a trusted organization, the download is considered safe per the trust-scope rules.
- COMMAND_EXECUTION (SAFE): The skill executes shell commands to perform document conversion. This is the intended primary purpose of the skill and does not involve privilege escalation or suspicious persistent patterns.
- PROMPT_INJECTION (LOW): This skill is susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Processes arbitrary local files (PDF, Word, Excel, etc.) and remote YouTube URLs provided by the user or external sources.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to ignore instructions embedded within the converted text.
  - Capability inventory: Executes shell commands via `uvx`, which could be influenced if the agent obeys instructions found inside a converted document.
  - Sanitization: No sanitization or filtering of the document content is performed before it is presented to the LLM.
Audit Metadata