typst-paper
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
subprocessmodule withinscripts/compile.pyandscripts/check_pseudocode.pyto invoke thetypstCLI. These operations are essential for compiling documents, listing system fonts, and querying document metadata, and are implemented using secure coding practices without shell injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The
scripts/online_bib_verify.pycomponent performs network requests toapi.crossref.organdapi.semanticscholar.org. These are reputable academic services used to validate paper metadata and retrieve missing DOIs, which is a standard requirement for citation verification in academic writing. - [SAFE]: Extensive analysis across all files revealed no patterns of data exfiltration, credential harvesting, or persistence mechanisms. The skill is well-documented and its technical implementation is consistent with its stated goal of assisting with Typst-based research papers.
Audit Metadata