markitdown
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the 'markitdown' Python package and its various extras (pdf, docx, audio, etc.) from PyPI. This is a legitimate utility provided by Microsoft.
- [COMMAND_EXECUTION]: Provides various shell commands and Python scripts for executing the conversion process, including batch processing loops and Docker execution commands.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by facilitating the conversion of untrusted external content (PDFs, Word documents, Excel files, and YouTube transcripts) into a format intended for ingestion by an AI model. Malicious instructions embedded in these source documents could influence the behavior of the agent processing the output.
- Ingestion points: Processes local files in multiple formats and fetches content/metadata from YouTube URLs via the 'markitdown' utility as described in SKILL.md.
- Boundary markers: The provided examples do not include boundary markers or system instructions to ignore embedded commands within the converted text.
- Capability inventory: The documented patterns include file system writes (output redirection), batch processing via shell loops, and network communication with Azure Document Intelligence or OpenAI services.
- Sanitization: The skill does not describe or implement sanitization of the converted content to prevent semantic injection attacks.
Audit Metadata