Skills
skills/steipete/agent-scripts/markdown-converter/Gen Agent Trust Hub

markdown-converter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes 'uvx' to fetch and run the 'markitdown' Python package dynamically. Although 'markitdown' is provided by Microsoft (a trusted organization), this mechanism introduces a dependency on the availability and integrity of PyPI at runtime.
  • [PROMPT_INJECTION] (LOW): This skill is highly susceptible to indirect prompt injection because its primary function is to convert untrusted content for LLM consumption.
  • Ingestion points: User-provided files (PDF, Word, Excel, HTML, CSV, etc.) and remote YouTube URLs.
  • Boundary markers: Absent. There are no instructions to the agent to treat the converted content as data rather than instructions.
  • Capability inventory: File system read/write, network access for YouTube and Azure endpoints via markitdown.
  • Sanitization: Absent. The tool extracts text but does not filter out potential adversarial instructions embedded in the documents.
  • [COMMAND_EXECUTION] (SAFE): Standard usage of CLI tools to process local files as described in the skill's purpose.
  • [DATA_EXFILTRATION] (LOW): The skill supports the '--endpoint' flag, which sends document data to external Azure AI services. While this is a legitimate feature, it facilitates external data transfer.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:26 PM