markitdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to process untrusted external content (PDFs, Office files, HTML, YouTube transcripts), which could contain instructions meant to hijack agent behavior. Ingestion points: md.convert() handles diverse local and remote file sources. Boundary markers: Absent. Capability inventory: File system access and network requests. Sanitization: Absent.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill requires installing the markitdown library and its dependencies from PyPI.
- Command Execution (LOW): The documentation includes shell script examples for batch file processing.
- Dynamic Execution (LOW): The skill features a plugin system for custom conversion logic, though it is disabled by default for safety.
Audit Metadata