markitdown
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
markitdownpackage and its optional feature sets (e.g.,pdf,ocr,audio) from standard package registries. This dependency is an official open-source project from Microsoft, a well-known and trusted organization. - [COMMAND_EXECUTION]: Provides detailed instructions for using the
markitdowncommand-line interface, including examples for piping document data through stdin and redirecting output to the file system. These are standard operations for the tool's intended use case. - [PROMPT_INJECTION]: As the skill is designed to ingest and transform untrusted external documents (PDF, Office, HTML, Images) for LLM consumption, it presents a risk surface for indirect prompt injection.
- Ingestion points: Document data enters the processing pipeline via the
md.convert()method referenced across all provided files (e.g.,SKILL.md,examples.md,patterns.md). - Boundary markers: The documentation acknowledges these risks and provides specific patterns in
patterns.mdandreference.mdfor implementing secure processing boundaries. - Capability inventory: The skill examples demonstrate file read/write operations, network access to AI APIs (OpenAI and Azure), and shell command execution.
- Sanitization: The skill author has included detailed guidance on mitigations, including MIME type validation, file size limitations, and sandboxed execution environments to prevent malicious files from compromising the host or the downstream LLM session.
Audit Metadata