markitdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill creates a surface for indirect prompt injection by converting untrusted content (PDFs, Office documents, web pages) into Markdown intended for LLM processing.
- Ingestion points: File paths processed in scripts/batch_convert.py and via MarkItDown.convert() calls documented in SKILL.md.
- Boundary markers: Absent. The Markdown output is generated and written to files without specific delimiters or instructions to the LLM to ignore embedded commands within the converted text.
- Capability inventory: The skill possesses file system write access (scripts/batch_convert.py) and network capabilities for YouTube transcript extraction and cloud-based AI integrations (Azure/OpenAI).
- Sanitization: No sanitization or filtering of the extracted text content is identified in the provided logic.
- External Downloads (SAFE): The skill documentation encourages the installation of the markitdown package and its dependencies from PyPI. The package is maintained by Microsoft, a trusted organization, and no suspicious installation patterns were detected.
Audit Metadata