markitdown

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill relies on the markitdown Python package, which is an open-source tool developed by Microsoft. It provides instructions for users to install this dependency via pip.
  • [COMMAND_EXECUTION]: The skill uses a Bash script to coordinate the markitdown CLI. It executes commands to validate inputs, create output directories, and perform the document conversion process.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from external sources.
    • Ingestion points: The skill reads user-provided file paths and URLs (e.g., PDFs, Word docs, YouTube videos) via the $INPUT argument in scripts/markitdown.sh.
    • Boundary markers: The script uses a --- separator to delimit the conversion metadata from the extracted Markdown content in its output.
    • Capability inventory: The skill has access to Bash (for running the conversion script and the markitdown CLI) and the Read tool.
    • Sanitization: The script performs basic validation of input existence and URL protocol prefixes, but it does not sanitize the content extracted from the documents before it is returned to the agent's context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 07:10 AM