skills/openclaw/skills/markitdown/Gen Agent Trust Hub

markitdown

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill creates a virtual environment and installs the 'markitdown' package with all extras from the official Python Package Index (PyPI) during installation.
  • [PROMPT_INJECTION]: The skill functions as a parser for external, untrusted data formats (PDF, Office docs, YouTube transcripts), which presents an indirect prompt injection vulnerability surface.
    • Ingestion points: File paths and external URLs (YouTube) passed to the CLI tool for conversion, as described in SKILL.md.
    • Boundary markers: Absent. Extracted content is not enclosed in specific delimiters to warn the agent about untrusted data.
    • Capability inventory: The skill reads local files and fetches remote content to produce Markdown for agent analysis.
    • Sanitization: No sanitization, escaping, or instruction-filtering is performed on the content extracted from processed files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:47 PM