markdown-tools
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted external document data which could contain malicious instructions meant to influence agent behavior.
  - Ingestion points: Document files (.pdf, .doc, .docx, .pptx) are read and processed by the markitdown utility (referenced in SKILL.md) and the extraction script (scripts/extract_pdf_images.py).
  - Boundary markers: None; there are no instructions or delimiters provided to ensure the agent ignores embedded instructions within the document content.
  - Capability inventory: The skill provides examples of shell command execution for batch processing in conversion-examples.md and local file system write access for image extraction in scripts/extract_pdf_images.py.
  - Sanitization: None; document content is extracted and converted directly into markdown format without filtering or validation.
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the installation of markitdown and pymupdf. The severity is downgraded to LOW as markitdown is maintained by a trusted organization (Microsoft) and both packages are essential for the primary purpose of the skill.
Audit Metadata