markitdown

skills-sh:davila7_claude-code-templates__markitdown

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 3

Findings (3)

LOW

Git clone and execute chain SUPPLY_012

supply-chain L85

Detects git clone of repositories followed by execution of cloned content

git clone https://github.com/microsoft/markitdown.git + cd markitdown
pip install

FIX

Review the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.

FP?

Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.

LOW

System package manager install EXTDL_011

external-download L457

Detects system-level package installation via brew, apt, yum, or dnf

brew install t

FIX

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

FP?

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.

LOW

System package manager install EXTDL_011

external-download L460

Detects system-level package installation via brew, apt, yum, or dnf

apt-get install t

FIX

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

FP?

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.