markitdown
Audited by Socket on Feb 17, 2026
1 alert found:
Malware
[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] hardcoded_secrets: Hardcoded API key detected (HS001) [AITech 8.2]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] hardcoded_secrets: Hardcoded API key detected (HS001) [AITech 8.2]
[CRITICAL] hardcoded_secrets: Hardcoded API key detected (HS001) [AITech 8.2]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

The skill description is coherent with its stated purpose and aligns with legitimate functionality. External AI integrations are expected given the AI-enhanced features, but they require prudent secret management and data governance. No malicious behavior is evident in the fragment itself; ensure that API keys are not logged or embedded, and that user data is handled securely when transmitting to third-party services.

LLM verification: This SKILL.md file appears to be legitimate documentation for a document-to-Markdown conversion tool. There is no direct evidence of malicious code or obfuscation in the provided content. The main security concerns are: (1) when users enable optional integrations (OpenRouter LLM, Azure Document Intelligence) the tool will send extracted document contents and any provided API keys to remote services, so users must trust those endpoints; (2) the plugin system allows installation/execution of third