markitdown

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the 'markitdown' package and its various feature-specific extensions (e.g., pdf, audio, youtube) from standard package registries. It also references the use of external APIs from trusted providers like Azure and OpenAI.
  • [COMMAND_EXECUTION]: The skill includes a dedicated Python utility (scripts/batch_convert.py) and examples for using its command-line interface to perform bulk document conversions and file system operations.
  • [DATA_EXFILTRATION]: The conversion process involves sending document and image data to trusted external services (Azure Document Intelligence and OpenAI) for layout analysis, OCR, and visual descriptions. This behavior is clearly documented and essential to the skill's primary function.
  • [PROMPT_INJECTION]: As a document conversion tool, the skill represents a surface for indirect prompt injection if malicious instructions are embedded in the files being processed (e.g., PDFs or HTML pages).
      • Ingestion points: Converts user-supplied local files and remote content from URLs (YouTube transcripts, web pages) via the md.convert() method.
      • Boundary markers: None identified; output is provided as raw Markdown content to the agent.
      • Capability inventory: Includes file system writes (via batch script), network operations (for remote content and AI APIs), and CLI execution.
      • Sanitization: The conversion logic focuses on formatting and does not explicitly sanitize the extracted text for embedded instructions before presenting it to the agent.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 02:23 AM