markitdown
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it extracts and processes text from external, potentially untrusted files.
- Ingestion points: Document contents from PDF, DOCX, PPTX, XLSX, HTML, images, audio, and ZIP archives (SKILL.md).
- Boundary markers: Absent. No delimiters or 'ignore' instructions are used to separate converted content from the agent's system prompt.
- Capability inventory: Shell execution of the markitdown CLI and basic text processing tools (wc, grep).
- Sanitization: Absent. Extracted content is passed to stdout without validation or escaping.
Audit Metadata