typst-paper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The scripts/compile.py script executes the typst binary via subprocess.run. It correctly passes arguments as a list and avoids using shell=True, which prevents shell injection vulnerabilities. This is the primary and intended function of the skill.
- PROMPT_INJECTION (SAFE): The scripts/parsers.py file contains logic for processing untrusted document content for text analysis. It includes sanitization steps using regex to remove comments, math, and code blocks, which helps mitigate risks associated with indirect prompt injection.
- SAFE (SAFE): No findings were detected across all other categories, including data exfiltration, obfuscation, hardcoded credentials, or persistence mechanisms. The skill relies on standard dependencies and follows appropriate design patterns.
Audit Metadata