markitdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- External Downloads (LOW): Recommends installing the 'markitdown' package. As this is a Microsoft-maintained project, it is considered a trusted source per [TRUST-SCOPE-RULE].
- Command Execution (LOW): Uses the Bash tool to run the conversion commands. This is the primary intended behavior for the skill.
- Prompt Injection (LOW): Susceptible to indirect prompt injection (Category 8) because it processes external files and web content.
  - Ingestion points: Local documents (PDF, Word, etc.) and remote URLs processed by the markitdown tool in SKILL.md.
  - Boundary markers: None identified in the skill definition to separate document content from agent instructions.
  - Capability inventory: The agent has access to the Bash tool to run commands based on output (SKILL.md).
  - Sanitization: No evidence of sanitization or escaping of the parsed document text before it is returned to the agent context.
Audit Metadata