markdown-converter
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (PDFs, Office documents, YouTube URLs) and converts it to text for the agent. This creates an indirect prompt injection surface where malicious instructions within the data could be followed by the LLM.
  - Ingestion points: local files and external URLs processed via the markitdown CLI.
  - Boundary markers: The documentation does not specify the use of delimiters or specific instructions to ignore instructions within the converted output.
  - Capability inventory: The skill executes the markitdown CLI, which has file-read and network-access capabilities.
  - Sanitization: There is no evidence of sanitization or filtering of the converted Markdown output.
- [COMMAND_EXECUTION]: The skill invokes the markitdown CLI (a tool developed by Microsoft) to perform document conversions. This involves subprocess execution with various flags for handling different file formats and features like OCR, transcription, and remote data fetching.
Audit Metadata