markitdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill specifies installation of the `markitdown` package and its dependencies. Since Microsoft is a trusted organization, this dependency is classified as low risk per the [TRUST-SCOPE-RULE].
- [PROMPT_INJECTION] (LOW): This skill presents an indirect prompt injection surface (Category 8) because it extracts content from untrusted external documents (PDF, DOCX, etc.) to be processed by an LLM.
  - Ingestion points: File conversion via `md.convert()` in `scripts/batch_convert.py` and `SKILL.md` examples.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are implemented in the conversion logic.
  - Capability inventory: File system read/write access and network access for Azure and OpenAI integrations.
  - Sanitization: No explicit sanitization or escaping of extracted document text is performed before it is provided to the agent.
- [COMMAND_EXECUTION] (SAFE): The provided `scripts/batch_convert.py` utility follows best practices for command-line argument parsing and file system interactions; no arbitrary command injection vulnerabilities were found.
- [CREDENTIALS_UNSAFE] (SAFE): API keys for Azure and OpenAI are appropriately handled via environment variables and standard CLI arguments, with no hardcoded secrets detected in the source code.
Audit Metadata