markitdown-converter
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes a local Python CLI wrapper via shell commands to handle file conversion tasks.
- [EXTERNAL_DOWNLOADS]: Fetches the 'markitdown' library from Microsoft, which is a well-known and trusted service.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via document processing. Text from untrusted files is extracted and stored in agent memory, potentially allowing embedded instructions to influence future agent behavior. * Ingestion points: Untrusted files uploaded via Telegram (referenced in SKILL.md). * Boundary markers: No explicit delimiters or safety instructions are present in the processing logic. * Capability inventory: Includes shell command execution and writing to agent memory. * Sanitization: No sanitization or validation of extracted text is performed before storage.
Audit Metadata