typst
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (
scripts/search-packages.pyandscripts/validate-examples.py) that interface with thetypstCLI. These scripts are used for routine development tasks such as checking the compiler version and validating documentation snippets via local compilation. These operations are standard for a typesetting environment. - [EXTERNAL_DOWNLOADS]: Documentation in
SKILL.mdandconversion.mdpoints users toward official sources for the Typst compiler and Pandoc, includingtypst.appand official package managers like Homebrew. These references are documented neutrally and target well-known, established services. - [REMOTE_CODE_EXECUTION]: No patterns for downloading or executing remote code from untrusted sources were detected. Script execution is confined to local utility files included with the skill.
- [DATA_EXFILTRATION]: No evidence of sensitive file access or network-based exfiltration. The skill processes local document assets and metadata consistent with its stated purpose.
- [SAFE]: Analysis of the documentation and metadata found no evidence of prompt injection, obfuscation, or persistence mechanisms. The skill maintains a legitimate structure for document processing and package development.
Audit Metadata