skills/plurigrid/asi/markitdown/Gen Agent Trust Hub

markitdown

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The documentation in INSTALLATION_GUIDE.md and OPENROUTER_INTEGRATION.md provides instructions for users to append environment variable exports to shell configuration files (~/.bashrc and ~/.zshrc), which is a technique used to maintain persistent access or configuration changes across sessions.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted external data (PDF, DOCX, XLSX, etc.) into the agent's context without employing explicit boundary markers or sanitization.
  • Ingestion points: Files are processed via SKILL.md and Python scripts (scripts/batch_convert.py, scripts/convert_literature.py, scripts/convert_with_ai.py).
  • Boundary markers: None identified; converted text is processed directly without delimiters or 'ignore' instructions.
  • Capability inventory: The skill is granted Read, Write, Edit, and Bash tools in SKILL.md.
  • Sanitization: Examples in SKILL.md show basic whitespace reduction, but no systematic filtering of instruction-like patterns in converted content.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the markitdown package and its dependencies from official repositories. It also fetches data from well-known services including OpenRouter and Microsoft Azure's Document Intelligence.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 01:37 AM
Security Audit — agent-trust-hub — markitdown