NYC

typst

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Command Execution] (LOW): The skill instructs the agent to run the typst compiler and pdftotext utility. These are standard tools for document processing and are essential for the skill's functionality. This finding is downgraded to SAFE as it is intrinsic to the primary purpose of the skill.
  • [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill includes a local Python script (examples/perf-timings.py) and references the skill's own GitHub repository for installation. The Python script uses standard library modules (json, argparse, collections) and performs local data aggregation without executing dynamic code or making network calls.
  • [Indirect Prompt Injection] (LOW): The skill provides patterns for XML parsing and document output verification, which represent surfaces for processing external data.
    • Ingestion points: XML data via the xml() function in advanced.md and PDF text extraction via pdftotext in debug.md.
    • Boundary markers: The skill documentation in SKILL.md and perf.md explicitly mentions and encourages the use of the Typst --root flag to define security boundaries for file system access.
    • Capability inventory: Execution of typst, pdftotext, and python3 subprocesses.
    • Sanitization: No specific sanitization logic is provided in the prompts; the skill relies on the robustness of the underlying Typst and Python parsers.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:05 PM