to-markdown
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for environment setup, specifically using
uv pip installfor Python packages and system package managers likeaptorbrewfor OCR tools. - [EXTERNAL_DOWNLOADS]: The skill downloads software and configuration from reputable sources, including official Python packages (markitdown, trafilatura) and browser binaries for Playwright.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted content from external URLs and documents.
- Ingestion points: Web URLs and various local file types (PDF, Office, Images) as specified in SKILL.md and fetch.md.
- Boundary markers: Absent; there are no specific instructions to use delimiters or ignore instructions within the converted content.
- Capability inventory: The skill can install arbitrary packages, run Python scripts, execute shell commands, and write files to the system.
- Sanitization: Content is formatted into Markdown using library-standard conversion logic without explicit sanitization or filtering of potential injection patterns.
Audit Metadata