markitdown
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes the 'markitdown' library, which is an official tool from Microsoft, a recognized trusted organization. The logic is consistent with the primary purpose of document conversion.
- [COMMAND_EXECUTION]: The skill instructions include shell commands for installing dependencies and executing file conversions. These are transparent, use standard utilities, and are restricted to the skill's stated functionality.
- [EXTERNAL_DOWNLOADS]: The skill downloads dependencies from official Python and system registries (PyPI and apt). It also describes the use of 'curl' to download remote files for conversion, which is a standard procedure for document processing.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted external content (various document types and YouTube transcripts) into the agent's context. This constitutes a surface for indirect prompt injection, which is an inherent risk of document processing tools.
- Ingestion points: Document conversion via 'markitdown' and remote downloads via 'curl'.
- Boundary markers: No explicit delimiters or safety instructions are defined to wrap the converted markdown output.
- Capability inventory: The skill utilizes shell execution and file system access across its workflows.
- Sanitization: No specific sanitization or filtering logic is prescribed for the text extracted from documents before it is presented to the agent.
Audit Metadata