markdown-converter

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the markitdown CLI utility via the uvx package runner to perform file conversions.
  • [EXTERNAL_DOWNLOADS]: Dynamically downloads the markitdown package from the Python Package Index (PyPI) at runtime using uvx. This is a well-known tool maintained by Microsoft.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted external data (documents and YouTube transcripts) and converts them for LLM processing.
      • Ingestion points: Local files (PDF, Word, Excel, etc.) and YouTube URLs via CLI arguments.
      • Boundary markers: Absent; the skill does not wrap the converted output in delimiters or provide 'ignore instructions' warnings.
      • Capability inventory: Execution of uvx markitdown with access to local filesystem and network for remote URL processing.
      • Sanitization: Absent; the skill relies on the underlying tool for parsing and the agent's internal filters for safety.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 01:46 PM