typst-author

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Obfuscated File (HIGH)
docs/reference/foundations/eval.md

This fragment documents an #eval primitive that executes arbitrary Typst code from a string with an injectable scope. The documentation alone contains no direct malicious code, but the API is intrinsically dangerous: untrusted `source` or a `scope` containing secrets can lead to arbitrary code execution, data exposure, or other side effects depending on the Typst runtime capabilities. Because no implementation or sandbox guarantees are provided, treat use of #eval as a high-risk operation and avoid passing untrusted input. If necessary, require a strong sandbox, capability restrictions, or an allowlist of safe operations and ensure sensitive data is never placed in `scope`.

Confidence: 98%
Audit Metadata

Analyzed At: Feb 16, 2026, 02:10 AM
Package URL: pkg:socket/skills-sh/apcamargo%2Ftypst-skills%2Ftypst-author%2F@1d50e78cd1027f7a8939b7d06cdc166ad29fbd61