markitdown
Warn
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The documentation in
INSTALLATION_GUIDE.mdandOPENROUTER_INTEGRATION.mdprovides instructions for users to append environment variable exports to shell configuration files (~/.bashrcand~/.zshrc), which is a technique used to maintain persistent access or configuration changes across sessions. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted external data (PDF, DOCX, XLSX, etc.) into the agent's context without employing explicit boundary markers or sanitization.
- Ingestion points: Files are processed via
SKILL.mdand Python scripts (scripts/batch_convert.py,scripts/convert_literature.py,scripts/convert_with_ai.py). - Boundary markers: None identified; converted text is processed directly without delimiters or 'ignore' instructions.
- Capability inventory: The skill is granted
Read,Write,Edit, andBashtools inSKILL.md. - Sanitization: Examples in
SKILL.mdshow basic whitespace reduction, but no systematic filtering of instruction-like patterns in converted content. - [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the
markitdownpackage and its dependencies from official repositories. It also fetches data from well-known services including OpenRouter and Microsoft Azure's Document Intelligence.
Audit Metadata