markitdown
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the conversion of untrusted external documents into Markdown for LLM consumption, creating a surface for indirect prompt injection. \n
- Ingestion points: Document conversion occurs via
markitdown.convert()in several utility scripts (scripts/batch_convert.py,scripts/convert_literature.py,scripts/convert_with_ai.py). \n - Boundary markers: The converted text content is processed without explicit delimiters or instructions to ignore embedded commands. \n
- Capability inventory: The skill environment allows for filesystem operations and network access to AI model providers. \n
- Sanitization: There is no evidence of filtering or validation of the natural language content extracted from the documents.\n- [EXTERNAL_DOWNLOADS]: The skill correctly refers to the official Microsoft GitHub repository for the core library and utilizes established technology services (OpenRouter, Azure) for AI tasks. These references target trusted organizations and well-known services and are documented neutrally.\n- [COMMAND_EXECUTION]: The package contains functional Python scripts for batch processing and automated conversion. While the documentation mentions a schematic generation script that was not provided in the file list, the included scripts perform standard, non-malicious file management and API communication consistent with the skill's purpose.
Audit Metadata