Trust Assessment
markdown-converter received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill allows arbitrary endpoint for document processing, enabling data exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill allows arbitrary endpoint for document processing, enabling data exfiltration The `markdown-converter` skill describes the use of the `uvx markitdown` tool, which includes an option (`-e ENDPOINT`) to specify an arbitrary URL for services like Azure Document Intelligence. While intended for legitimate cloud services, this option allows an agent to be prompted to send the contents of local files to any URL provided by a malicious user. This creates a direct and credible vector for data exfiltration of sensitive local files processed by the skill. Restrict the `ENDPOINT` option to a predefined allow-list of trusted Azure Document Intelligence URLs. If arbitrary endpoints are strictly necessary, implement robust validation and require explicit user confirmation before sending data to untrusted destinations. Additionally, ensure the agent's execution environment has appropriate network egress controls to prevent unauthorized data transfers. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/bb42cdfd61afc5ab)
Powered by SkillShield