to-markdown

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill converts untrusted external files (PDF, Word, HTML, YouTube transcripts, etc.) into text, creating a surface for indirect prompt injection where malicious instructions inside a document could attempt to influence agent behavior.
      • Ingestion points: File paths provided by the user are passed to the markitdown utility in SKILL.md.
      • Boundary markers: No delimiters are used to wrap the output of the conversion.
      • Capability inventory: The skill performs shell execution of the conversion tool and supports writing to the filesystem.
      • Sanitization: Content extracted from external files is not validated or sanitized.
  • [EXTERNAL_DOWNLOADS]: The skill installs the markitdown utility from Microsoft's official repository using the Python package manager.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 01:33 PM