markitdown
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file includes instructions that attempt to override the agent's behavior by mandating that 'Scientific schematics should be generated by default' and referencing a specific identity or system called 'Nano Banana Pro'.
- [COMMAND_EXECUTION]: The documentation provides a command for the agent to execute a script (
python scripts/generate_schematic.py) that is missing from the skill's file list. - [EXTERNAL_DOWNLOADS]: The skill integrates the
markitdowntool from Microsoft's official GitHub repository and suggests discovering plugins via community sources on GitHub. - [PROMPT_INJECTION]: The conversion of untrusted files (PDF, DOCX, etc.) into Markdown creates a surface for indirect prompt injection. Ingestion points:
scripts/batch_convert.py,scripts/convert_literature.py, andscripts/convert_with_ai.py. Boundary markers: No explicit delimiters are used to isolate converted content from agent instructions. Capability inventory: The agent is permitted to useBashandWritetools. Sanitization: No input content validation or sanitization is performed prior to processing.
Audit Metadata