typst-paper

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The scripts/compile.py script uses subprocess.run with argument lists to interface with the typst CLI. This approach avoids shell=True, effectively preventing command injection. Input file paths are resolved via pathlib.Path.resolve() to ensure safe file handling.
  • [DATA_EXFILTRATION] (SAFE): The skill does not perform any network operations or external data transmissions; it functions locally on the user's document files.
  • [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or other sensitive credentials were found in any of the scripts or documentation files.
  • [PROMPT_INJECTION] (SAFE): The provided instruction files (README.md, STYLE_GUIDE.md, etc.) do not contain instructions that attempt to override agent behavior or bypass safety filters.
  • [Indirect Prompt Injection] (SAFE): The skill features document parsing logic in scripts/parsers.py that extracts text for analysis. While this presents an ingestion surface for untrusted data, the processing is handled safely.
      * Ingestion point: scripts/parsers.py (reads .typ content).
      * Boundary markers: Not explicitly implemented in the parser.
      * Capability inventory: subprocess.run for compilation and querying.
      * Sanitization: The script performs markup removal but does not sanitize text for potential LLM instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:12 PM