markdown-converter

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes uvx to dynamically fetch and execute the markitdown package. This package is an official tool provided by Microsoft, which is a well-known and trusted technology organization.
  • [COMMAND_EXECUTION]: The skill executes shell commands to perform file conversions. The use of uvx and standard piping mechanisms is consistent with the intended functionality of a command-line conversion utility.
  • [PROMPT_INJECTION]: As a tool designed to ingest and convert untrusted external files (such as PDF, Word, and HTML) for processing by an LLM, the skill inherently possesses an indirect prompt injection surface.
      • Ingestion points: Processes local files and YouTube URLs through the markitdown utility.
      • Boundary markers: There are no explicit instructions or delimiters defined within the skill to isolate the converted content from the agent's instructions.
      • Capability inventory: The skill reads files from the local filesystem and retrieves external web content.
      • Sanitization: No specific sanitization or filtering of the document's text content is performed prior to conversion.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 09:27 PM
Security Audit — agent-trust-hub — markdown-converter