Skills
skills/clearsmog/claude-skills/typst/Gen Agent Trust Hub

typst

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands for document compilation using the typst CLI, including the use of the --root .. flag to access files in parent directories as described in SKILL.md and references/common-patterns.md.
  • [COMMAND_EXECUTION]: It provides instructions for environment setup, such as creating Python virtual environments with uv venv and establishing symbolic links with ln -s in references/tool-routing.md to handle specific filesystem requirements for rendering charts.
  • [COMMAND_EXECUTION]: The skill includes shell scripts in references/data-driven.md that utilize bash and jq to automate the generation of multiple documents from structured CSV or JSON files.
  • [EXTERNAL_DOWNLOADS]: The skill makes use of numerous third-party packages from the Typst Universe repository (e.g., @preview/cetz, @preview/fletcher), which are retrieved by the Typst compiler during the document build process.
  • [PROMPT_INJECTION]: The skill defines patterns for ingesting data from external sources like JSON, CSV, and YAML files (references/data-driven.md) without explicit boundary markers or sanitization logic. This untrusted data is processed in a context that includes shell execution capabilities, presenting a surface for indirect prompt injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 14, 2026, 07:56 PM