doc-to-markdown
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted Word documents to generate Markdown for AI consumption, creating a surface for embedded instructions to hijack agent behavior.
  1. Ingestion: Word documents via command line arguments.
  2. Boundaries: None specified in the documentation.
  3. Capabilities: File system writes and subprocess execution.
  4. Sanitization: None mentioned.
- [No Code] (HIGH): Critical logic files including 'convert_word_to_markdown.py', 'convert_with_images.py', and 'setup_venv.sh' are missing from the provided content, preventing full verification.
- [Command Execution] (MEDIUM): The 'MARKITDOWN_CMD' environment variable allows for arbitrary command substitution during execution, which could be exploited for RCE.
- [External Downloads] (LOW): Requires installation of 'markitdown' and 'uv'. Dependencies from 'microsoft' are considered trusted under the [TRUST-SCOPE-RULE], though their installation still requires caution.
Recommendations
- AI detected serious security threats
Audit Metadata