Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection. It ingests untrusted data from multiple file formats and converts it to Markdown for agent consumption without implementing boundary markers or sanitization. Evidence: File reading logic in csv_converter.py, html_converter.py, and markitdown_converters.py lacks any delimiters (e.g., XML tags) to separate document content from agent instructions, allowing instructions embedded in external files to potentially override agent behavior.
  • [External Downloads] (MEDIUM): The skill requires a large number of external Python dependencies (e.g., markitdown, beautifulsoup4, pymupdf), which increases the supply chain attack surface. The installation instructions also point to an unverified third-party GitHub repository.
  • [Command Execution] (MEDIUM): The implementation uses dynamic package loading via __import__ in scripts/converters/base.py for dependency checking. While the import names are derived from static class attributes, this pattern is less secure than standard static imports and can be abused if class metadata is manipulated.
  • [No Code] (LOW): The files scripts/converters/pdf_converter.py and scripts/converters/xlsx_converter.py are imported by the package but their contents were not provided in the skill manifest, preventing a full security audit of those specific components.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:06 PM