markitdown

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate_schematic.py uses subprocess.run to invoke a secondary Python script for AI schematic generation. This is implemented using list-style arguments, which is a secure practice that avoids the risks of shell injection.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the markitdown library from the official Python Package Index (PyPI) and clone repository data from Microsoft's official GitHub organization. These are recognized trusted sources and well-known services.
  • [DATA_EXFILTRATION]: Functional scripts perform network requests to the OpenRouter API (openrouter.ai) to leverage large language models for image description and schematic generation. These operations are necessary for the skill's stated functionality and target a well-known service provider.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive API keys (OpenRouter and Azure Document Intelligence) through system environment variables or local configuration files. No hardcoded credentials or private tokens were found in the source code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 12, 2026, 08:27 AM