Skills
skills/eturkes/claude-scientific-skills/markitdown/Gen Agent Trust Hub

markitdown

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate_schematic.py uses subprocess.run to execute scripts/generate_schematic_ai.py. This chain of execution passes user-controlled prompts and file paths as arguments to secondary Python processes.
  • [EXTERNAL_DOWNLOADS]: Documentation in SKILL.md and references/api_reference.md encourages the use of third-party plugins identified by a GitHub hashtag. This creates a supply chain risk by directing the agent or user to execute unverified code from unvetted sources.
  • [DATA_EXFILTRATION]: Document content and generated diagrams are sent to OpenRouter API endpoints for processing. This involves transmitting user-controlled data to an external service provider.
  • [PROMPT_INJECTION]: The skill processes untrusted file formats and returns their content as Markdown to the agent context, creating an indirect prompt injection surface (Category 8).
  • Ingestion points: The md.convert() method in scripts like batch_convert.py, convert_literature.py, and convert_with_ai.py.
  • Boundary markers: Absent in the converted Markdown output.
  • Capability inventory: The agent has access to Read, Write, Edit, and Bash tools, providing a high-impact exploitation target.
  • Sanitization: No sanitization or filtering is performed on extracted text before it is returned to the agent context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 16, 2026, 10:50 PM