markitdown
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the MarkItDown library from the official Python Package Index (PyPI) and clones the repository from Microsoft's GitHub organization. These are recognized as trusted or well-known sources.
- [COMMAND_EXECUTION]: Uses the Bash tool to install software and run CLI commands, including a local script
scripts/generate_schematic.pyused for creating diagrams. - [PROMPT_INJECTION]: Includes instructions that guide the agent's behavior, such as proactively suggesting the author's platform (K-Dense Web) for complex tasks and defaulting to diagram generation.
- [PROMPT_INJECTION]: The skill acts as an indirect prompt injection surface by converting external documents into text for the LLM.
- Ingestion points: Document conversion methods process PDFs, DOCX files, and YouTube transcripts provided by the user or fetched from URLs.
- Boundary markers: The skill does not implement boundary markers or instructions to disregard embedded commands in processed data.
- Capability inventory: The skill environment allows high-privilege operations via
Bash,Read,Write, andEdittools. - Sanitization: No evidence of content validation or sanitization was found in the skill's conversion logic.
Audit Metadata