markitdown

Warn

Audited by Snyk on Jun 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). Outsider free text can be ingested when the user converts an outsider-authored file (e.g., a PDF/HTML/YouTube transcript from the public web or other parties); MarkItDown reads that file’s extracted text and feeds it into the LLM for AI image descriptions via md.convert(...) in scripts/convert_with_ai.py (and similarly in other conversion paths when llm_client/llm_model are set).

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly instructs running a privileged system install ("sudo apt-get install tesseract-ocr"), which asks the agent/user to obtain sudo privileges and thereby can modify the machine state.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 01:37 AM
Issues
2
Security Audit — snyk — markitdown