markitdown
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a set of instructions and scripts for using the Microsoft MarkItDown library, which is a verified and trusted tool for document conversion.
- [SAFE]: All external references, such as GitHub repositories and package installations, point to trusted organizations (Microsoft) or official registries (PyPI).
- [SAFE]: Security best practices are followed for credential management, advising users to store sensitive API keys in environment variables rather than hardcoding them.
- [SAFE]: The provided Python and Bash scripts for batch processing are implemented using standard, safe practices for handling files and parallel tasks.
- [SAFE]: The skill inherently processes untrusted data (documents and web content) to generate Markdown for LLM ingestion, creating a surface for indirect prompt injection. This is a characteristic of the tool's primary purpose and is documented as a known risk factor.
- [SAFE]: Support for third-party plugins is a documented feature of the library. While this involves dynamic loading of code from installed packages, the skill itself does not facilitate the installation or execution of untrusted plugins.
Audit Metadata