markitdown-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill instructs the installation of
markitdownandmarkitdown-mcpfrom PyPI and GitHub. These are owned by Microsoft, which is a Trusted GitHub Organization. Per [TRUST-SCOPE-RULE], these downloads are considered safe. - PROMPT_INJECTION (LOW): The skill identifies a significant surface for Indirect Prompt Injection (Category 8). Its primary purpose is to convert untrusted external data (YouTube transcripts, RSS feeds, HTML, PDFs) into Markdown for LLM consumption.
- Ingestion points:
markitdown.convert()is used on external URLs and user-uploaded files. - Boundary markers: The provided examples do not demonstrate the use of XML tags or delimiters to isolate converted content from agent instructions.
- Capability inventory: The skill allows the agent to process and potentially act upon data retrieved from the web.
- Sanitization: No sanitization or 'ignore instructions' prefixes are included in the implementation snippets.
- COMMAND_EXECUTION (SAFE): The documented CLI and Docker commands are standard for the tool's operation and do not involve suspicious shell piping or privilege escalation.
Audit Metadata