markitdown
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). Outsider free text can be ingested when the user converts an outsider-authored file (e.g., a PDF/HTML/YouTube transcript from the public web or other parties); MarkItDown reads that file’s extracted text and feeds it into the LLM for AI image descriptions via
md.convert(...)inscripts/convert_with_ai.py(and similarly in other conversion paths whenllm_client/llm_modelare set).
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly instructs running a privileged system install ("sudo apt-get install tesseract-ocr"), which asks the agent/user to obtain sudo privileges and thereby can modify the machine state.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata