markitdown
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest untrusted data from various external sources (PDFs, Office docs, web pages, and YouTube transcripts) and convert it into Markdown optimized for LLM processing.
- Ingestion points: Untrusted content is processed in SKILL.md and references/web_content.md via web fetching and file conversion.
- Boundary markers: No evidence of boundary markers or instructions to ignore embedded commands was found in the provided conversion logic.
- Capability inventory: The skill has file-write capabilities via scripts/batch_convert.py and network access via the MarkItDown conversion logic.
- Sanitization: No sanitization or filtering of external content is demonstrated in the implementation examples.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from external web URLs and YouTube as part of its core functionality. While these target well-known services, they involve downloading data from attacker-controlled or third-party web pages and videos. This is documented in references/web_content.md using requests and the youtube-transcript-api.
Audit Metadata