everything-to-markdown

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill's primary function involves reading local files and uploading them to an external service (mineru.net) for processing. While this is the intended behavior, it creates a potential path for data exfiltration if the agent is manipulated into processing sensitive system files (e.g., SSH keys or configuration files).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It processes content from external documents (PDFs, images, URLs) and provides the resulting Markdown to the agent. Maliciously crafted input documents could contain instructions designed to influence the agent's behavior after the conversion task is complete.
      • Ingestion points: File scripts/convert_to_markdown.py downloads results from an external API.
      • Boundary markers: Absent. The skill does not provide instructions to the agent to treat the converted content as untrusted.
      • Capability inventory: The skill possesses file read access (any local path), network upload capabilities (mineru.net), and local file write access (./tmp directory).
      • Sanitization: No validation or sanitization is performed on the content retrieved from the external service before it is presented to the agent.
  • [EXTERNAL_DOWNLOADS]: The script downloads ZIP files containing the conversion results from mineru.net and cdn-mineru.openxlab.org.cn.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 04:55 AM